Re: allowing privileges on untrusted languages
Simon Riggs <simon@2ndquadrant.com>
From: Simon Riggs <simon@2ndQuadrant.com>
To: Kohei KaiGai <kaigai@kaigai.gr.jp>
Cc: Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org
Date: 2013-01-19T13:54:26Z
Lists: pgsql-hackers
On 19 January 2013 13:45, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: > I think, it is a time to investigate separation of database superuser privileges > into several fine-grained capabilities, like as operating system doing. > https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h > > In case of Linux, the latest kernel has 36 kinds of capabilities that reflects > a part of root privileges, such as privilege to open listen port less than 1024, > privilege to override DAC permission and so on. Traditional root performs > as a user who has all the capability in default. Sounds like the best way to go. The reasoning that led to that change works for us as well. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services