Bruce Momjian wrote:
As a super-user, could an attacker load a server-side language and
access the backend environment variable PGDATA.
plperl won't do it, but plperlu will (as expected I guess). But the superuser will have to jump through some explicit hoops in order to get there, which is different from providing such facilities out of the box.
cheers
andrew
---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faqs/FAQ.html
