On 1/20/20 2:48 AM, Craig Ringer wrote: > On Thu, 9 Jan 2020 at 22:38, Christoph Berg <m...@debian.org > <mailto:m...@debian.org>> wrote: > > Re: Robert Haas 2020-01-09 > <CA+TgmoZEjyv_PD=2cinkbDA_chyLNAcBPL_9bKJQ6bc=nw+...@mail.gmail.com > <mailto:nw%2b...@mail.gmail.com>> > > Does this mean that a non-superuser can induce postgres_fdw to > read an > > arbitrary file from the local filesystem? > > Yes, see my comments in the "Allow 'sslkey' and 'sslcert' in > postgres_fdw user mappings" thread. > > > Ugh, I misread your comment. > > You raise a sensible concern. > > These options should be treated the same as the proposed option to > allow passwordless connections: disallow creation or alteration of FDW > connection strings that use them by non-superusers. So a superuser can > define a user mapping that uses these options, but normal users may not. > >
Already done. cheers andrew -- Andrew Dunstan https://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
