| Scott Marlowe 2005-08-30, 8:24 pm |
| On Mon, 2005-08-29 at 18:59, Tom Lane wrote:
> Greg Stark <gsstark@mit.edu> writes:
>
> ... on some platforms ... and half the world connects over TCP even on
> local connections ...
>
>
> Assuming that the server itself can get at the file, which is
> questionable if the file is owned by the connecting user rather than the
> server (and, for instance, may be located under a not-world-readable
> home directory). And then there are interesting questions like whether
> the server and the user see eye-to-eye on the name of the file (consider
> server inside chroot jail, AFS file systems, etc).
>
> There are enough holes in this to make it less than attractive. We'd
> spend more time answering questions about "why doesn't this work" than
> we do now, and I remain unconvinced that there would be no exploitable
> security holes.
Plus, how is the server supposed to KNOW that you have access to the
file? psql may know who you are, but the server only knows who you are
in the "postgresql" sense, not the OS sense.
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
|