On Tue, Nov 15, 2005 at 10:15:01PM +0100, Magnus Hagander wrote: > > Ah, now we are making progress. If there was a way to give up > > file access permissions so you could no longer write files > > to, say, the Windows System directory, this would go a long > > way to solving the issue. Currently, if the Postmaster runs > > as admin, anyone with access to the database could use COPY > > to read and write any file the backend can access. > > Getting rid of the admin and powerusers group should do that, I think.
Look at pgwin32_is_admin(), it just checks if the user is member of one of those two groups. I think we have your solution right here... Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a > tool for doing 5% of the work and then sitting around waiting for someone > else to do the other 95% so you can sue them.
pgpFwXk1ZmjJq.pgp
Description: PGP signature
