On 2013-07-15 12:20:15 +0200, Markus Wanner wrote: > On 07/15/2013 12:05 PM, Andres Freund wrote: > > A superuser can execute native code as postges user. That's it. > > Oh, I though Robert meant postgres users, i.e. non-superusers.
Oh, I am talking about *postgres* superusers ;). The example provided upthread doesn't require 'root' permissions but only database level superuser permissions. > I hereby withdraw my pitchforks: I'm certainly not opposing to simplify > the life of superusers, who already have the power. I think what dimitri has in mind could easily be delegating the "dangerous" work to a suid binary which does policy checking and the real install... Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers