Re: Dumping an Extension's Script
| От | Andres Freund |
|---|---|
| Тема | Re: Dumping an Extension's Script |
| Дата | |
| Msg-id | 20121205215956.GV27424@awork2.anarazel.de обсуждение исходный текст |
| Ответ на | Re: Dumping an Extension's Script (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On 2012-12-05 16:42:38 -0500, Tom Lane wrote: > Andres Freund <andres@anarazel.de> writes: > > On 2012-12-05 16:20:41 -0500, Tom Lane wrote: > >> GUC or no GUC, it'd still be letting an unprivileged network-exposed > >> application (PG) do something that's against any sane system-level > >> security policy. Lipstick is not gonna help this pig. > > > What about the non-writable per cluster directory? Thats something I've > > actively wished for in the past when developing a C module thats also > > used in other clusters. > > I see no security objection to either per-cluster or per-database > script+control-file directories, as long as they can only contain > SQL scripts and not executable files. Well, I was explicitly talking about C code above. The question doesn't really have to do too much with this thread, sorry. Given I am proposing the directory to be explicitly read-only and under permission that don't allow postgres to change that its not really suitable for this topic... Greetings, Andres Freund
В списке pgsql-hackers по дате отправления: