Excerpts from Robert Haas's message of dom abr 10 13:37:46 -0300 2011: > It's maybe worth noting here that what's being asked for is roughly > what you get from UNIX's distinction between euid and ruid. Many > programs that run setuid root perform a few operations that require > root privileges up front, and then drop privs. To what degree that > model applies in an SQL environment I'm not sure, but it might be > worth looking at some of the parallels, as well as some of the ways > that the UNIX mechanism has managed to cause all sorts of privilege > escalation bugs over the years, to make sure we don't repeat those > mistakes.
Thanks for mentioning that. It made me recall a couple of articles I read some time ago, http://lwn.net/Articles/416494/ and http://www.cis.upenn.edu/~KeyKOS/ConfusedDeputy.html -- Álvaro Herrera <alvhe...@commandprompt.com> The PostgreSQL Company - Command Prompt, Inc. PostgreSQL Replication, Consulting, Custom Development, 24x7 support -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers