Interesting. My reading of the 9.4 docs[1][2] is that set_config can't be used to change one-off settings that require a server restart, such as wal_level. It also doesn't seem to be able to change the config file at all. Is there some way to do that?
I'd also like to know more about how superusers can overwrite files. Do you have a link?
Apologies - I was thinking of ALTER SYSTEM [1]. That writes to postgresql.auto.conf. It sounds like that file has priority over postgresql.conf [2]. You might well be able to just prevent writes by the postgres user (or whatever user you're running postgres as).
Regarding superusers overwriting files - COPY can write to anywhere on the filesystem. From the docs "COPY naming a file is only allowed to database superusers, since it allows reading or writing any file that the server has privileges to access." [3].
[1] http://www.postgresql.org/docs/9.4/static/functions-admin.ht...
[2] http://www.postgresql.org/docs/9.4/static/runtime-config-wal...
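The reply above notes that ALTER SYSTEM writes to postgresql.auto.conf and that this file takes priority over postgresql.conf. As an added example (not part of the thread), here is one way to audit which settings the auto file currently overrides. The parser is a simplified assumption about the config syntax, the function names are hypothetical, and both sample files are constructed.

```python
import re

# Simplified postgresql.conf line syntax: "name = value" or "name value",
# "#" comments, optional single-quoted values ('' is an escaped quote).
_LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*(?:=\s*|\s+)('(?:[^']|'')*'|[^#\s]+)")
# Include directives are not settings; this sketch does not follow them.
_DIRECTIVES = {"include", "include_if_exists", "include_dir"}


def parse_conf(text):
    """Return {setting_name: value} for one config file's text."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank line, comment, or syntax this sketch skips
        name, value = m.group(1).lower(), m.group(2)
        if name in _DIRECTIVES:
            continue
        if value.startswith("'"):
            value = value[1:-1].replace("''", "'")
        settings[name] = value  # a later line replaces an earlier one
    return settings


def auto_conf_overrides(main_text, auto_text):
    """Settings whose effective value comes from postgresql.auto.conf.

    Maps name -> (value in postgresql.conf or None, value in auto.conf).
    """
    main, auto = parse_conf(main_text), parse_conf(auto_text)
    return {name: (main.get(name), value)
            for name, value in auto.items() if main.get(name) != value}


# Constructed sample contents, not taken from a real server.
SAMPLE_MAIN = """\
wal_level = minimal          # set by the administrator
max_connections = 100
"""
SAMPLE_AUTO = """\
# Do not edit this file manually!
wal_level = 'hot_standby'
max_connections = '100'
"""

if __name__ == "__main__":
    for name, (old, new) in auto_conf_overrides(SAMPLE_MAIN, SAMPLE_AUTO).items():
        print(f"{name}: postgresql.conf={old!r} overridden by auto.conf={new!r}")
```

Running this periodically against the two real files, and alerting on any unexpected entry, gives a cheap check that ALTER SYSTEM has not been used to change a setting behind the administrator's back.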