Re: Dumping an Extension's Script
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Dimitri Fontaine <dimitri@2ndQuadrant.fr>
Cc: Andres Freund <andres@2ndquadrant.com>, Heikki Linnakangas <hlinnakangas@vmware.com>, Simon Riggs <simon@2ndquadrant.com>, Robert Haas <robertmhaas@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2012-12-05T21:20:41Z
Lists: pgsql-hackers
Dimitri Fontaine <dimitri@2ndQuadrant.fr> writes: >> On 2012-12-05 13:18:16 -0500, Tom Lane wrote: >>> I think you're wasting your time to imagine that that case will ever be >>> "fixed". Allowing the server to scribble on executable files would set >>> off all kinds of security alarm bells, and rightly so. If Postgres ever >>> did ship with such a thing, I rather imagine that I'd be required to >>> patch it out of Red Hat releases (not that SELinux wouldn't prevent >>> it from happening anyway). > That part I did understand. I still can't be happy about it, but I won't > get back with any proposal where that's put into questions. That said, > while you're talking about it, what if it's an opt-in GUC? GUC or no GUC, it'd still be letting an unprivileged network-exposed application (PG) do something that's against any sane system-level security policy. Lipstick is not gonna help this pig. regards, tom lane