Re: Contrib Schemas
Josh Berkus <josh@agliodbs.com>
From: Josh Berkus <josh@agliodbs.com>
To: pgsql-hackers@postgresql.org
Cc: John DeSoi <desoi@pgedit.com>, Christopher Kings-Lynne <chriskl@familyhealth.com.au>
Date: 2006-01-13T19:34:20Z
Lists: pgsql-hackers
John, > Would it be reasonable for there to be a way for the super user to > grant access to load "approved" modules and/or C language functions? I can't see a way to do this except individually, in which case the superuser might as well load the functions. We *have* to be restrictive about this because a C function can do anything, including overwriting whatever parts of the filesystem "postgres" has access to. Look over our patch releases for the last 2 years and you'll see a host of patches designed specifically to prevent regular users from gaining access to superuser priveleges. What you want isn't impossible, but it would be a lot of work and testing to engineer such a mechanism and keep PostgreSQL's "most secure" status. So far, everyone has found it easier to work around the issue, especially since for most sites backup/restore is done by the superuser anyway. -- --Josh Josh Berkus Aglio Database Solutions San Francisco