On Mon, 2008-11-24 at 22:09 +0900, KaiGai Kohei wrote: > I removed the two hooks at the r1244 patch set. > As you said, it is fundamentally danger to load uncertain binary modules. > Thus, what we should do is checks on module loading. > > The default security policy requires loadable modules to be labeled as > 'lib_t' type which means shared library files installed correctly.
We definitely want to include add-in modules with high security systems, e.g. GIS and oracle compatibility functions. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
