Conversation
Jonathan Corbet
corbet
On the radar: restricting access to "ALTER SYSTEM" in postgresql
Having mutually untrusting users connecting to the same postgresql server is a tricky proposition from the beginning; it's even moreso if, for some reason, some of those users are postgresql superusers. There is a proposal to chip away one piece of the problem by making it possible to disable the ALTER SYSTEM command, which affects global server parameters:
https://lwn.net/ml/pgsql-hackers/CA+VUV5rEKt2+CdC_KUaPoihMu+i5ChT4WVNTr4CD5-xXZUfuQw@mail.gmail.com/
There is disagreement over whether this is a piece of security theater or a useful option for some providers.
Having mutually untrusting users connecting to the same postgresql server is a tricky proposition from the beginning; it's even moreso if, for some reason, some of those users are postgresql superusers. There is a proposal to chip away one piece of the problem by making it possible to disable the ALTER SYSTEM command, which affects global server parameters:
https://lwn.net/ml/pgsql-hackers/CA+VUV5rEKt2+CdC_KUaPoihMu+i5ChT4WVNTr4CD5-xXZUfuQw@mail.gmail.com/
There is disagreement over whether this is a piece of security theater or a useful option for some providers.
0
0
0