Bruce Momjian wrote:

As a super-user, could an attacker load a server-side language and
access the backend environment variable PGDATA.

plperl won't do it, but plperlu will (as expected I guess). But the superuser will have to jump through some explicit hoops in order to get there, which is different from providing such facilities out of the box.



---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

Reply via email to