PROGRAM task whitelist #767
artemzhdev started this conversation in Ideas
Replies: 1 comment
You could run another pg_timetable instance which will have only access to the script.
Is your feature request related to a problem? Please describe.
I have pg_timetable running on Linux. My chains and task definitions are taken from a Postgres database.
Currently, for security reasons, I have the parameter "--no-program-tasks" defined in my service.
But I want to allow running a single specific sh script. Unfortunately, I can only allow all or nothing.
If I disable --no-program-tasks it brings a vulnerability - if somebody gets access to my Postgres database then it's possible to run any script on behalf of my pg_timetable Linux user. It's not sudo, but still not appreciated.
Describe the solution you'd like
It would be nice to have a whitelist of allowed commands. It can be either an optional parameter --program-task-whitelist or a PGTT_PROGRAM_TASK_WHITELIST environment variable (or some other meaningful name).
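One way the allowlist check requested above could work, as an added example that is not part of the original post and is not pg_timetable code. The colon-separated format of PGTT_PROGRAM_TASK_WHITELIST and the function names ParseAllowlist and ResolveAllowed are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ParseAllowlist reads a colon-separated list of absolute script paths.
// The list format is an assumption; the post only proposes the variable name.
func ParseAllowlist(raw string) (map[string]bool, error) {
	allowed := make(map[string]bool)
	for _, entry := range strings.Split(raw, ":") {
		if entry == "" {
			continue
		}
		if !filepath.IsAbs(entry) {
			return nil, fmt.Errorf("allowlist entry %q is not absolute", entry)
		}
		// Canonicalize once at startup; a missing file fails closed.
		canon, err := filepath.EvalSymlinks(entry)
		if err != nil {
			return nil, err
		}
		allowed[canon] = true
	}
	return allowed, nil
}

// ResolveAllowed returns the canonical path to execute, or an error if the
// command string taken from the database is not on the allowlist.
func ResolveAllowed(allowed map[string]bool, command string) (string, error) {
	if !filepath.IsAbs(command) {
		return "", errors.New("bare or relative command rejected: depends on PATH and cwd")
	}
	canon, err := filepath.EvalSymlinks(command) // collapses ".." and symlinks
	if err != nil {
		return "", err
	}
	if !allowed[canon] {
		return "", fmt.Errorf("%q is not on the program task allowlist", canon)
	}
	return canon, nil
}

func main() {
	allowed, err := ParseAllowlist(os.Getenv("PGTT_PROGRAM_TASK_WHITELIST"))
	fmt.Println(len(allowed), err)
}
```

The check constrains only which executable runs; any arguments stored with the task are still database-controlled input to that script.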