"Magnus Hagander" <[EMAIL PROTECTED]> writes: >>> If you want to secure your system against a superuser()-level >>> intrusion then you need to secure the unix account, or disable >>> creation of C-language and other untrusted languages (at least). >> >> Very likely --- which is why Magnus' idea of an explicit >> switch to prevent superuser filesystem access seems >> attractive to me. It'd have to turn off LOAD and creation of >> new C functions as well as COPY and the other stuff we discussed.
> So would a patch to do this be accepted for 8.1 even though we are past > feature freeze? Given that we don't even have a design for it, I think it's a bit late for 8.1 :-(. Both Bruce and I have way more on our plates than we could wish, and the other committers aren't getting a lot done, so the originally hoped-for beta date of 1 Aug is looking completely out of reach. So adding yet more stuff to the queue isn't going to get looked upon with great favor. > And finally, with something like that in place, would you be fine with > the file editing functions as they stand (limiting them to the pg > directories, as I believe it does)? I'm OK with them even without the directory limitation as long as there's a way to disable them. However, I fear the whole thing has to wait for 8.2 at this point. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings