| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Diego Linke - GAMK <linke(at)calnet(dot)com(dot)br> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: "Bug" report - Serious (local shell) |
| Date: | 2003-08-14 19:22:43 |
| Message-ID: | 6915.1060888963@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Diego Linke - GAMK <linke(at)calnet(dot)com(dot)br> writes:
> The problem is that postgresql when calls a function in external C,
> calls with user of the postgres.
The ability to create C functions is reserved to superusers, for exactly
this reason. If you have the rights to make the backend execute
arbitrary C code, you hardly need a shell to do something nasty.
In short, this is not a bug. Don't give superuser privileges to people
you cannot trust.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Diego Linke - GAMK | 2003-08-14 20:03:59 | Re: "Bug" report - Serious (local shell) |
| Previous Message | Kevin Houle | 2003-08-14 19:11:27 | DBD::Pg 'lo_read' fails on >= 32768 byte large objects |