> -----Original Message-----
> From: Bruce Momjian [mailto:[EMAIL PROTECTED] 
> Sent: 24 June 2005 18:47
> To: Dave Page
> Cc: PostgreSQL-development; Andreas Pflug
> Subject: Re: [HACKERS] Server instrumentation patch
> 
> The security issue is that we didn't want the backend to be able to
> read/write outside of /pgdata, and I think we have that 
> working, except

Andreas does indeed appear to be checking to ensure that only files
under $PGDATA can be accessed, by disallowing any paths containing '..'.

> that I have no idea how it will handle config files outside /pgdata. 
> Maybe that was in the patch --- I don't know.

My reading of the code is that it should work OK if they are symlinked
from other locations, of course; however, if hba_file or ident_file are
set to locations outside $PGDATA, then that will not work. The log
directory can be accessed if it is outside $PGDATA.

I'm sure Andreas can confirm this.

> I think we need to see a new patch with just the i/o 
> functions so we can
> review it. 

Andreas, can you (re)post this please?

> I personally think the I/O functions are a good 
> idea, but I
> need to be considerate of others in the community who have concerns.

Of course. I know we're pushing hard to get these included, but it's not
to try to force in a sub-standard solution; it just seems to us like
we're revisiting issues that we thought were resolved.

We'll get there in the end :-)

/D
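The confinement check the thread describes, as an added illustration that is not Andreas's patch or any PostgreSQL code: a requested file path is accepted only if it stays under the data directory, and any path containing '..' is rejected outright. The function name, the handling of trailing slashes on the data directory, and the sample paths are assumptions made for the example.

```c
/* Added example, not code from the server instrumentation patch.
 * Confine a requested file path to the data directory, following the
 * rule the thread describes: reject any path containing "..", and
 * require absolute paths to lie under the data directory. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Return true if 'path' may be accessed, i.e. it names something under
 * 'datadir'. Relative paths are taken as relative to datadir; absolute
 * paths must begin with datadir followed by a separator (or be datadir
 * itself). Any occurrence of ".." is rejected, as in the thread; this
 * is deliberately conservative and also rejects names like "foo..bar". */
static bool
path_is_within_datadir(const char *datadir, const char *path)
{
    size_t dlen;

    if (datadir == NULL || path == NULL || *path == '\0')
        return false;

    /* Ignore trailing separators on the data directory (assumption:
     * the caller may pass either "/pgdata" or "/pgdata/"). */
    dlen = strlen(datadir);
    while (dlen > 1 && datadir[dlen - 1] == '/')
        dlen--;

    /* Disallow any path containing ".." so the caller cannot climb out. */
    if (strstr(path, "..") != NULL)
        return false;

    if (path[0] == '/')
    {
        /* Absolute: must be datadir itself or something beneath it. */
        if (strncmp(path, datadir, dlen) != 0)
            return false;
        return path[dlen] == '/' || path[dlen] == '\0';
    }

    /* Relative paths are resolved under datadir by the caller. */
    return true;
}

int
main(void)
{
    /* Constructed sample requests against a hypothetical data directory. */
    const char *datadir = "/pgdata";
    const char *requests[] = {
        "pg_log/postgresql.log",        /* relative, allowed */
        "/pgdata/postgresql.conf",      /* absolute under datadir, allowed */
        "../etc/passwd",                /* climbs out, rejected */
        "/pgdata/../etc/passwd",        /* climbs out, rejected */
        "/etc/passwd",                  /* outside datadir, rejected */
        "/pgdatax/file",                /* prefix trick, rejected */
    };
    size_t i;

    for (i = 0; i < sizeof(requests) / sizeof(requests[0]); i++)
        printf("%-28s %s\n", requests[i],
               path_is_within_datadir(datadir, requests[i]) ? "allowed" : "rejected");
    return 0;
}
```

Note that, consistent with the thread, this check says nothing about where a symlink under $PGDATA points, and it will refuse an hba_file or ident_file configured to an absolute location outside the data directory.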
