On Mon, Aug 19, 2013 at 11:44:36PM +0200, Dimitri Fontaine wrote:
> Bruce Momjian writes:
> > That's pretty vague. Exactly what does "keys to the kingdom" mean? If
> > it means you can do anything to the database, you are right. If it
> > means executing arbitrary code, including arbitrary kern
Bruce Momjian writes:
> That's pretty vague. Exactly what does "keys to the kingdom" mean? If
> it means you can do anything to the database, you are right. If it
> means executing arbitrary code, including arbitrary kernel calls, I
> would like to hear how that is done.
You've now heard ab
On Mon, Aug 19, 2013 at 11:34:47AM +0200, Dimitri Fontaine wrote:
> Dave Page writes:
> > If you find a hole in the boat, the preferred option is to fix it, not
> > to say "meh, well another won't hurt".
>
> My understanding is that there's no way to fix it. If you're superuser
> you have the key
Dave Page writes:
> If you find a hole in the boat, the preferred option is to fix it, not
> to say "meh, well another won't hurt".
My understanding is that there's no way to fix it. If you're superuser
you have the keys to the kingdom. That's it.
And that's why it's very important that as many
On Mon, Aug 19, 2013 at 10:21 AM, Dimitri Fontaine
wrote:
> Dave Page writes:
>> The escalation happens because in a normal system-wide installation of
>> PostgreSQL as you'd see on most production systems will have the
>> installation directories and binaries owned by the root user, so if
>> the
Dave Page writes:
> The escalation happens because in a normal system-wide installation of
> PostgreSQL as you'd see on most production systems will have the
> installation directories and binaries owned by the root user, so if
> the server or a superuser account on it is compromised, the attacker
On Sun, Aug 18, 2013 at 10:34 PM, Hannu Krosing wrote:
> On 08/18/2013 10:20 PM, Dimitri Fontaine wrote:
>> Hi,
>>
>> I had the chance to being at OSCON this year and had a chat with the
>> Open Shift team while there. Thanks for posting your use case!
>>
>> Tom Lane writes:
>>> Right offhand, it
On 08/18/2013 10:20 PM, Dimitri Fontaine wrote:
> Hi,
>
> I had the chance to being at OSCON this year and had a chat with the
> Open Shift team while there. Thanks for posting your use case!
>
> Tom Lane writes:
>> Right offhand, it seems like you have or could grant a developer
>> superuser/DBA
Hi,
I had the chance to being at OSCON this year and had a chat with the
Open Shift team while there. Thanks for posting your use case!
Tom Lane writes:
> Right offhand, it seems like you have or could grant a developer
> superuser/DBA privileges with respect to his own PG instance, so I'm not
>
Steven Citron-Pousty writes:
> What we need is the ability for Postgresql to load extensions from a
> users file space.
TBH this needs a whole lot of thought. I'm prepared to grant that there
may be other useful security models besides the one we currently have,
but we need to be sure that anyth
On 08/18/2013 11:36 AM, Hannu Krosing wrote:
> On 08/17/2013 11:53 PM, Steven Citron-Pousty wrote:
>> Greetings all:
>> I spoke to Josh B and company at OSCON about a feature we really need
>> for PostgreSQL extensions on OpenShift (Red Hat's Platform as a
>> Service).
>>
>> What we need is the ab
On 08/17/2013 11:53 PM, Steven Citron-Pousty wrote:
> Greetings all:
> I spoke to Josh B and company at OSCON about a feature we really need
> for PostgreSQL extensions on OpenShift (Red Hat's Platform as a
> Service).
>
> What we need is the ability for Postgresql to load extensions from a
> user
On Sat, 2013-08-17 at 17:53 -0400, Steven Citron-Pousty wrote:
> What we need is the ability for Postgresql to load extensions from a
> users file space.
Sure, that would be useful for a number of reasons. I think there was a
proposed patch for that a while ago that some people objected to, so
th
Greetings all:
I spoke to Josh B and company at OSCON about a feature we really need for
PostgreSQL extensions on OpenShift (Red Hat's Platform as a Service).
What we need is the ability for Postgresql to load extensions from a users file
space. For example, if, as a developer on a machine, I
14 matches
Mail list logo
