On Wed, Oct 15, 2014 at 11:34 PM, Tom Lane <[email protected]> wrote:
> "Brightwell, Adam" <[email protected]> writes:
>> The attached patch for review implements a directory permission system that
>> allows for providing a directory read/write capability to directories for
>> COPY TO/FROM and Generic File Access Functions to non-superusers.
>
> TBH, this sounds like it's adding a lot of mechanism and *significant*
> risk of unforeseen security issues in order to solve a problem that we
> do not need to solve. The field demand for such a feature is just about
> indistinguishable from zero.

I am also not convinced that we need this. If we need to allow
non-superusers COPY permission at all, can we just exclude certain
"unsafe" directories (like the data directory, and tablespaces) and
let them access anything else? Or can we have a whitelist of
directories stored as a PGC_SUSER GUC? This seems awfully heavyweight
for what it is.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
