On Wed, Jun 13, 2012 at 12:19 AM, Craig Ringer <ringerc@xxxxxxxxxxxxx> wrote:
> On 06/13/2012 12:45 PM, Chris Travers wrote:
>>
>> On Tue, Jun 12, 2012 at 11:47 AM, John R Pierce <pierce@xxxxxxxxxxxx>
>> wrote:
>>>
>>> On 06/12/12 11:25 AM, leaf_yxj wrote:
>>>>
>>>> Thanks. You guys are right. I checked the database. The C program is
>>>> there.
>>>> ----- but why does our application team keep asking me to give them the
>>>> superuser privileges to create the C function? Should they use the
>>>> superuser to create the C function? If yes, why do they need it?
>>>
>>>
>>> yes, only a sql superuser can define a C function, as these have total
>>> access to crashing postgres's innards.
>>>
>> Not just the innards, but the file system (could be used to overwrite
>> data files), arbitrary system commands, etc......
>
> Hopefully not arbitrary system commands, in that I really hope nobody's nuts
> enough to run PostgreSQL as root or with write access to its own binaries.
> The data files are fair game, though, and replacement/modification of
> commands is probably possible in weaker installations.

Maybe not as arbitrary as it would be as root, but at least arbitrary in
the sense of "able to do or access anything that the system will let
the Postgres process access." That means all binaries an ordinary
user can access and all system calls that don't require root unless
you lock things down using something like SELinux.....

Best Wishes,
Chris Travers
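
The following is an added example, not part of the original thread: catalog queries a DBA can use to audit who can define C functions and which ones exist, followed by one way to give an application access to a reviewed C function without handing out superuser. The names `app_checksum` and `app_role` and the library path are hypothetical.

```sql
-- 1. Roles that can define C functions today (superusers only).
SELECT rolname
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 2. Every function implemented in C, with the shared library it loads.
--    Anything unexpected here runs with the full privileges of the
--    operating-system account the PostgreSQL server runs as.
SELECT n.nspname                    AS schema,
       p.proname                    AS function,
       p.probin                     AS library,
       p.prosrc                     AS symbol,
       pg_get_userbyid(p.proowner)  AS owner,
       p.prosecdef                  AS security_definer
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanname = 'c'
ORDER BY n.nspname, p.proname;

-- 3. Procedural languages marked untrusted carry the same restriction:
--    only a superuser can create functions in them.
SELECT lanname
FROM pg_language
WHERE lanispl AND NOT lanpltrusted;

-- 4. Instead of granting superuser to the application team, a superuser
--    installs the reviewed library once and grants only EXECUTE.
--    (Hypothetical function, library and role names.)
CREATE FUNCTION app_checksum(bytea) RETURNS integer
    AS '$libdir/app_checksum', 'app_checksum'
    LANGUAGE C STRICT;

REVOKE ALL ON FUNCTION app_checksum(bytea) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app_checksum(bytea) TO app_role;
```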