Re: allowing privileges on untrusted languages

Simon Riggs <simon@2ndquadrant.com>

From: Simon Riggs <simon@2ndQuadrant.com>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org
Date: 2013-01-19T13:54:26Z
Lists: pgsql-hackers
On 19 January 2013 13:45, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:

> I think, it is a time to investigate separation of database superuser privileges
> into several fine-grained capabilities, like as operating system doing.
> https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h
>
> In case of Linux, the latest kernel has 36 kinds of capabilities that reflects
> a part of root privileges, such as privilege to open listen port less than 1024,
> privilege to override DAC permission and so on. Traditional root performs
> as a user who has all the capability in default.

Sounds like the best way to go. The reasoning that led to that change
works for us as well.

-- 
 Simon Riggs                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services