On Fri, Aug 19, 2005 at 08:03:39AM -0700, Stephan Szabo wrote:
> On Fri, 19 Aug 2005, Bernard wrote:
>
> > But we can take this one step further so that we don't even need to
> > trust ourselves:
> >
> > The logical next step is that for a non-postgresql-superuser user,
> > COPY FROM files have to be world-readable and COPY TO files and
> > directories have to be world-writable. The server checks the file
> > attributes and grants copy permission depending on them. Obviously any
> > Postgres system files must not be world-readable and world-writable.
> >
> > Problem solved. One doesn't need to be a genius to figure this out.
>
> No, it's not solved. It prevents that problem for the configuration
> files, but still gives access to other world readable files on the system
> for example /etc/passwd on many systems (yes it's not terribly interesting
> in general, but still is often not acceptable to retrieve).
>
> You'd probably want to add the ability to set up which directories that are
> allowed to be read or written to as configuration separately from unix
> file permissions.

FWIW, this is exactly what Oracle does. A DBA has to configure what
directories you can bulk copy to/from.
-- 
Jim C. Nasby, Sr. Engineering Consultant      jnasby@xxxxxxxxxxxxx
Pervasive Software        http://pervasive.com        512-569-9461
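The directory allowlist suggested in this thread, sketched as an added example that is not part of the original posts and is not PostgreSQL or Oracle code. The names `copy_path_allowed`, `mk` and `demo` are hypothetical, and the tree under /tmp is constructed so that the world-readable /etc/passwd case, a `..` path and a look-alike sibling directory are all exercised.

```c
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp(), symlink() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical check: 1 if path resolves inside a configured directory, else 0.
 * realpath() on both sides defeats "..", symlinks and look-alike prefixes. */
int copy_path_allowed(const char *path, const char *const *dirs, size_t n)
{
    char file[PATH_MAX], dir[PATH_MAX];
    if (realpath(path, file) == NULL) return 0;        /* unresolvable: deny */
    for (size_t i = 0; i < n; i++) {
        if (realpath(dirs[i], dir) == NULL) continue;  /* bad config entry: ignore */
        size_t len = strlen(dir);
        /* the '/' test keeps ".../in_evil" from matching the entry ".../in" */
        if (strncmp(file, dir, len) == 0 && file[len] == '/')
            return 1;
    }
    return 0;
}

/* Create one entry of the constructed tree: 'd' dir, 'l' symlink, else file. */
static int mk(const char *base, const char *rel, char kind)
{
    char p[PATH_MAX]; FILE *f;
    snprintf(p, sizeof p, "%s/%s", base, rel);
    if (kind == 'd') return mkdir(p, 0700);
    if (kind == 'l') return symlink("/etc/passwd", p);
    return (f = fopen(p, "w")) ? fclose(f) : -1;
}

/* Probe a constructed tree under /tmp; bit i is set if probe i is allowed. */
int demo(void)
{
    char base[] = "/tmp/copychkXXXXXX", in[PATH_MAX], p[PATH_MAX];
    const char *probes[] = { "in/data.csv", "in_evil/x.csv", "in/../in_evil/x.csv", "in/link" };
    const char *dirs[] = { in }; int bits = 0;
    if (!mkdtemp(base) || mk(base, "in", 'd') || mk(base, "in_evil", 'd') ||
        mk(base, "in/data.csv", 'f') || mk(base, "in_evil/x.csv", 'f') || mk(base, "in/link", 'l'))
        return -1;
    snprintf(in, sizeof in, "%s/in", base);            /* the only allowed directory */
    for (int i = 0; i < 4; i++) {
        snprintf(p, sizeof p, "%s/%s", base, probes[i]);
        bits |= copy_path_allowed(p, dirs, 1) << i;
    }
    return bits;
}
int main(void) { printf("allowed mask: 0x%x\n", demo()); return 0; }
```

This covers files that already exist (the COPY FROM case); a COPY TO target that does not exist yet would need its parent directory resolved instead. A server would also have to open the file in a way that cannot be swapped between the check and the use.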