Excerpts from Robert Haas's message of dom abr 10 13:37:46 -0300 2011:

> It's maybe worth noting here that what's being asked for is roughly
> what you get from UNIX's distinction between euid and ruid.  Many
> programs that run setuid root perform a few operations that require
> root privileges up front, and then drop privs.  To what degree that
> model applies in an SQL environment I'm not sure, but it might be
> worth looking at some of the parallels, as well as some of the ways
> that the UNIX mechanism has managed to cause all sorts of privilege
> escalation bugs over the years, to make sure we don't repeat those
> mistakes.

Thanks for mentioning that.  It made me recall a couple of articles I
read some time ago,
http://lwn.net/Articles/416494/
and
http://www.cis.upenn.edu/~KeyKOS/ConfusedDeputy.html

-- 
Álvaro Herrera <alvhe...@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to