John Heasman <[EMAIL PROTECTED]> writes:
> It appears that low privileged users can invoke the LOAD extension to load
> arbitrary libraries into the postgres process space.
Hmm. Creating C functions is restricted to superusers, but I guess no
one ever noticed that LOAD isn't. On a platform where that can execute
initialization functions this does seem like a security issue.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
