> > > I think any secure solution is going to have to block all write > > > access to postgresql.conf, and that includes all the COPY > TO and all > > > the untrusted languages. > > > > Exactly. But we won't get that for 8.1. So for now, we > block all write > > access through *new* functions, per the "let's at least not > add more > > security holes" rule. > > As far as I know, the only new functionality the patch adds > _over_ copy is the ability to write nulls, and rename/unlink. > Should we just throw an error when writing null bytes?
Um. Yes. This patch goes one step further and allows you to block the writing of *any* file using these functions. The question is wether that one step further is far enough.. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly