Re: logfile subprocess and Fancy File Functions
| От | Tom Lane |
|---|---|
| Тема | Re: logfile subprocess and Fancy File Functions |
| Дата | |
| Msg-id | 28435.1090619306@sss.pgh.pa.us обсуждение |
| Ответ на | Re: logfile subprocess and Fancy File Functions (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Ответы |
Re: logfile subprocess and Fancy File Functions
|
| Список | pgsql-patches |
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Tom Lane wrote:
>> Also, while I'm aware that a superuser can persuade the backend to write
>> on anything, it doesn't follow that we should invent pg_file_write(),
>> pg_file_rename(), or pg_file_unlink().
> I think the analogy is locking one door but leaving the other door
> unlocked.
Not only that, but posting a sign out front telling which door is
unlocked.
As for the analogy to COPY, the addition of unlink/rename to a hacker's
tool set renders the situation far more dangerous than if he only has
write. Write will not allow him to hack write-protected files, but he
might be able to rename them out of the way and create new trojaned
versions...
regards, tom lane
В списке pgsql-patches по дате отправления: