Re: advisory locks and permissions
| От | Jim C. Nasby |
|---|---|
| Тема | Re: advisory locks and permissions |
| Дата | |
| Msg-id | 20060921002223.GI28987@nasby.net обсуждение исходный текст |
| Ответ на | advisory locks and permissions (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Wed, Sep 20, 2006 at 07:52:33PM -0400, Tom Lane wrote: > face up to the possibility of malicious use. For instance, it's not > very hard to create a DoS situation by running the system out of shared > lock table space: Didn't you just say we don't try and protect against DoS? ;P > The brute force answer is to make those functions superuser-only, but I > wonder if there is a better way. Perhaps we could just deny public > execute access on them by default, and let admins grant the privilege to > whom they trust. > > Or we could try to do something about limiting the number of such locks > that can be granted, but that seems nontrivial to tackle at such a late > stage of the devel cycle. ISTM that just restricting default access still leaves a pretty big foot-gun laying around... perhaps the best compromise would be to do that for this release and add some kind of a limit in the next release. -- Jim Nasby jim@nasby.net EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
В списке pgsql-hackers по дате отправления: