Tom Lane wrote: > John Heasman <[EMAIL PROTECTED]> writes: > > It appears that low privileged users can invoke the LOAD extension > > to load arbitrary libraries into the postgres process space. > > Hmm. Creating C functions is restricted to superusers, but I guess > no one ever noticed that LOAD isn't. On a platform where that can > execute initialization functions this does seem like a security > issue.
I believe all ELF platforms fall into that category. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
