On 07/22/2013 12:11 AM, Hannu Krosing wrote: >> Dropping this barrier by installing an untrusted PL (or equally insecure >> extensions), an attacker with superuser rights can trivially gain >> root. > Could you elaborate ? > > This is equivalent to claiming that any linux user can trivially gain root.
Uh. Sorry, you're of course right, the attacker can only gain postgres rights in that case. Thanks for correcting. The point still holds. It's another layer that an attacker would have to overcome. >>> You already mentioned untrusted PL languages, and I don't see any >>> difference in between offering PL/pythonu and PL/C on security grounds, >>> really. >> I agree. However, this also means that any kind of solution it offers is >> not a good one for the security conscious sysadmin. > This is usually the case with a "security conscious sysadmin" - they very > seldom want to install anything. Exactly. That's why I'm favoring solutions that don't require any extension and keep the guarantee of preventing arbitrary native code. Regards Markus Wanner -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers