Tom Lane <t...@sss.pgh.pa.us> wrote: > So at this point we've decided that we must forbid access to symlinked or > hardlinked files, which is a significant usability penalty; we've also > chosen to blow off most older platforms entirely; and we've only spent > about five minutes actually looking for security issues, with no good > reason to assume there are no more.
What's interesting and disappointing here is that not one of these suggested vulnerabilities seems like a possibility on a database server managed in what I would consider a sane and secure manner[1]. This feature is valuable because it is an alternative to allowing a user you don't trust *either* an OS login to the database server *or* a superuser database login. Can anyone suggest an exploit which would be available if we allowed someone who has permission to view all data in the database read permission to the pg_log directory and the files contained therein, assuming they do *not* have an OS login to the database server? -- Kevin Grittner EDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
