| Jim C. Nasby 2005-08-31, 3:24 am |
| On Tue, Aug 30, 2005 at 11:20:49PM -0400, Greg Stark wrote:
> Scott Marlowe < smarlowe@g2switchwor
ks.com> writes:
>
>
> My original suggestion was that clients connected via unix domain sockets
> should be allowed to read any file owned by the same uid as the connecting
> client. (Which can be verified using getpeereid/SO_PEERCRED/SCM_CREDS.)
>
> Alternatively and actually even better and more secure would be passing the fd
> directly from the client to the server over the socket. That avoids any
> question of the server bypassing any security restrictions. The client is
> responsible for opening the file under its privileges and handing the
> resulting fd to the server over the socket.
>
> None of this helps for remote clients of course but remote clients can just
> ftp the file to the server anyways and some manual intervention is necessarily
> needed by the DBA to create a security policy for them.
What do people think about the Oracle method where bulk data operations
can only occur in a specified directory? Making that restriction might
address some of the security concerns. I don't think we should change
COPY in such a way that you *have* to use a specified directory, but if
it was an option that helped with the security concerns...
--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com 512-569-9461
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
|