> > > I think any secure solution is going to have to block all write 
> > > access to postgresql.conf, and that includes all the COPY 
> TO and all 
> > > the untrusted languages.
> > 
> > Exactly. But we won't get that for 8.1. So for now, we 
> block all write 
> > access through *new* functions, per the "let's at least not 
> add more 
> > security holes" rule.
> 
> As far as I know, the only new functionality the patch adds 
> _over_ copy is the ability to write nulls, and rename/unlink. 
>  Should we just throw an error when writing null bytes?

Um. Yes. This patch goes one step further and allows you to block the
writing of *any* file using these functions. The question is wether that
one step further is far enough..

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [EMAIL PROTECTED] so that your
       message can get through to the mailing list cleanly

Reply via email to