Re: For review: Server instrumentation patch

Magnus Hagander wrote:

>>>How is this different from the fact that the superuser can 
>>>      
>>>
>>already use 
>>    
>>
>>>COPY to accomplish the same thing?
>>>      
>>>
>>COPY can accomplish a few of the same things, much less 
>>conveniently (for instance, it's darn hard to write an 
>>arbitrary binary file through COPY).
>>    
>>
>
>Right. But the *security* problem is more or less equal. If somebody
>hacks your superuser account, they can make at least almost the same
>amount of damage. It may take a little more work, but if you just want
>to kill the system by overwriting files, or overwriting say the password
>file, it's just as easy. And if what you want to do is stick some kind
>of executable o nthe system, you can just wrap it in a shellscript that
>will unpack it.
>  
>

It could be argued that there should be provision for a limitation on 
the locations in which COPY can write (and maybe read) files.

If COPY is a security hole then we should close it, not use that as 
precedent to open another hole.

cheers

andrew