Re: allowing privileges on untrusted languages

Peter Eisentraut <peter_e@gmx.net>

From: Peter Eisentraut <peter_e@gmx.net>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: pgsql-hackers@postgresql.org
Date: 2013-03-27T20:27:43Z
Lists: pgsql-hackers
On 1/19/13 8:45 AM, Kohei KaiGai wrote:
> I think, it is a time to investigate separation of database superuser privileges
> into several fine-grained capabilities, like as operating system doing.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h

The Linux capabilities system exists because there is no normal file
system object to attach the privileges to.  If there were
/dev/somethings for all of these things, there would not no need for the
capabilities thing.

In this case, the privileges system already exists.  We just need to use it.