On Fri, Mar 22, 2019 at 08:41:06PM +0800, Andrey Borodin wrote: > 22 марта 2019 г., в 19:17, Petr Jelinek <petr.jeli...@2ndquadrant.com> > написал(а): >> I still don't like that we are running the subscription workers as >> superuser even for subscriptions created by regular user. That has >> plenty of privilege escalation issues in terms of how user functions are >> run (we execute triggers, index expressions etc, in that worker). > > Yes, this is important concern, thanks! I think it is not a big deal > to run worker without superuser privileges too.
FWIW, the argument from Petr is very scary. So please let me think that it is a pretty big deal. > Yes, this patch is a pure security implication and nothing else. And this is especially *why* it needs careful screening. >> Independently from the willingness of any committer to work on this >> at current CF, the topic of subscription security relaxation >> really worth efforts. Perhaps, still it seems that we are still discussing about the concept and that we have no clear agreement on what to do. This is not a good sign 8 days before the end of the last commit fest. -- Michael
signature.asc
Description: PGP signature
