Re: recent Debian Postgres security update

From: Oliver Elphick <olly(at)lfix(dot)co(dot)uk>
To: Imre Oolberg <imre(at)eenet(dot)ee>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: recent Debian Postgres security update
Date: 2002-09-12 22:25:34
Message-ID: 1031869534.18149.34.camel@linda
Lists: pgsql-novice

On Thu, 2002-09-12 at 22:58, Imre Oolberg wrote:
> Hi!
>
> I use debian woody and postgres
> version 7.2.1 which. I am trying to keep my system up with official debian
> fixes and updates.
>
> I did the usual apt-get update && apt-get upgrade and forgot to configure
> in pg_hba.conf 'local all trust'. Now it seemingly works all right but I
> am worried about the message it gave:
>
> Sorry! I need unrestricted access in /etc/postgresql/pg_hba.conf to update
> the databases.
>
> I wonder if you could give me advice what to do to 'update the databases'
> properly or should I be worried at all about it? Or I am all right until
> next fix when the trouble begins for me?
>
> I looked around and saw that one place which contains this Sorry! etc
> thing is enable_lang script which executes in turn createlang script.
> In my case the following query produces output like that
>
>
> template1=# select * from pg_language;
> lanname | lanispl | lanpltrusted | lanplcallfoid | lancompiler
> ----------+---------+--------------+---------------+-------------
> internal | f | f | 0 | n/a
> C | f | f | 0 | /bin/cc
> sql | f | f | 0 | postgres
> plpgsql | t | t | 291431 |
>
> Or should I just issue 'enable_lang --all' or better use backups sooner
> the better ...

In fact this query should have been sent to the Debian debian-user
mailing list or to me as Debian maintainer. You can't expect the
upstream PostgreSQL community to deal with distribution packaging
issues. You can contact any package maintainer by emailing
<package>@packages.debian.org (substituting the package name for
<package>).

You don't have any particular problem here. The package will install
plpgsql, plperl and pltcl in every database if it can. Since your
pg_hba.conf didn't allow that, it didn't happen. All it means is that
you need to install them for yourself if you want them.

For some of its operations, particularly where an initdb and reload of
data is required, the install script will rewrite pg_hba.conf to give
itself access. I can't think at the moment if I simply don't do that
for this particular operation or if something has gone wrong with it.

--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight, UK
http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"Let the wicked forsake his way, and the unrighteous
man his thoughts; and let him return unto the LORD,
and He will have mercy upon him; and to our God, for
he will abundantly pardon." Isaiah 55:7
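
Added example, not part of the original message and not code from the Debian package: a shell function that lists the pg_hba.conf records using the trust method, so that after a package upgrade you can see whether a line such as the 'local all trust' discussed above is present. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list pg_hba.conf records whose auth method is "trust".
# Assumption: any field from the third onward that equals "trust" is the
# method. That fits the 7.2 layout in the thread (local DB METHOD;
# host DB IP MASK METHOD); a layout with a user column could
# false-positive on a user literally named "trust".
hba_trust_lines() {
    awk '
        { sub(/#.*/, "") }            # strip comments; fields are re-split
        NF < 3 { next }               # blank or incomplete record
        {
            for (i = 3; i <= NF; i++)
                if ($i == "trust") {
                    print NR ": " $0  # line number and the record itself
                    next
                }
        }
    ' "$1"
}

# Constructed sample file, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  [IP MASK]  METHOD
local   all       trust
host    all       127.0.0.1  255.255.255.255  password
local   template1 ident sameuser   # trust is only mentioned in this comment
EOF

hba_trust_lines "$sample"
rm -f "$sample"
```

On a real system, pass the path of the live file, for example /etc/postgresql/pg_hba.conf as named in the thread.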
