Ron Mayer <rm...@cheapcomplexdevices.com> writes: > As far as I can tell, the community feels interested in the > feature set; but relatively unable to contribute since none > of the people have that much of a security background. It > seems the best way to fix that would be to get more people > with a security background more involved.
It's experience with the Postgres code base that I'm worried about. I don't question KaiGai-san's security background; I do doubt that he knows where all the skeletons are buried in the PG backend. A couple of very recent examples of that: his patch to fix a problem with inheritance of column privileges was approximately the right thing, but inefficiently duplicated the functionality of nearby code: http://archives.postgresql.org/pgsql-hackers/2009-03/msg00196.php and it didn't take Heikki long at all to note an oversight in the part of the latest sepostgres patch that attempted to confine superusers' file read/write abilities: http://archives.postgresql.org/pgsql-hackers/2009-03/msg00446.php More generally, there's been no discussion or community buy-in on design questions such as whether the patch should even try to confine superusers on such a fine-grained basis. (I agree with Heikki's thought that this may be a lost cause given our historical design assumption that superusers can do anything.) So I remain strongly of the opinion that what this patch lacks is review from longtime PG hackers. It's not the security community that is missing from the equation. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
