Magnus Hagander wrote:


Instead of trying to pick on one feature, how about trying something
constructive instead? Let's say we add a GUC like "restrict_superuser",
that disables COPY to local files, untrusted procedural languages (both
creation and using the ones that already exist), the new access
functions, the LOAD command etc. Then the admin can choose what to do
about superuser access levels - the requirement may depend on SELinux for
example.

I could go for this.

Creating a setting that disallowed creation/calling of plperlu functions would be fairly trivial.

I still think, security considerations aside, that an API for config settings would be a much better piece of design than providing file system access functions.

cheers

andrew
