
Re: Installing PostgreSQL as "postgress" versus "root"

From: Scott Marlowe <smarlowe(at)g2switchworks(dot)com>
To: "Uwe C(dot) Schroeder" <uwe(at)oss4u(dot)com>
Cc: PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Installing PostgreSQL as "postgress" versus "root"
Date: 2005-01-13 21:36:16
Message-ID: 1105652176.24795.106.camel@state.g2switchworks.com
Lists: pgsql-admin
On Thu, 2005-01-13 at 15:13, Uwe C. Schroeder wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> > Doug,
> >
> > 	OK, Assume that the binaries are installed under root, but a
> > hacker cracks PostGres, what is to stop him/her from trashing all of the
> > database files in the first place?  They're not owned by root.  Installing
> > malware, whether it's actual code or destroying/defacing files causes
> > similar if not identical problems.  At least they're restricted to the
> > postgres user.  And in my book the executables are of zero value whereas
> > the data files, and their contained data, are of infinite value.  So
> > under your scheme we're protecting the least valuable part of the
> > system at the expense of the most valuable.
> 
> So where is the difference? If all executables AND the data is under the 
> postgres account - an intruder hacking the postgres account would still be 
> able to destroy your data. 
> BTW: most commercial software needs root access to be installed - and be it 
> just to create the user accounts. It doesn't really matter who owns the 
> executables - if the account owning the files is hacked you're screwed 
> anyways. When it comes to protecting the data which is the most important 
> thing after all, replication and backup are your friends. For my larger 
> customers I'm running replication to two offsite servers (one east-coast, one 
> texas, just to make sure they're fine when the next earthquake hits) and I do 
> backups every 8 hours - which are written to a tape and distributed to 
> another set of offsite servers using rdist. So whatever happens the max they 
> could ever possibly lose is 8 hours, except there is a full blown nuclear 
> attack on the whole US - in which case nobody would care about the data 
> anyways.

Like someone pointed out, it might be quite possible to install a
trojaned psql executable or some equivalent to harvest passwords, or
even a version that, when executed by root by accident (i.e. the sysadmin
forgets he's logged in as root and runs psql), then installs a
rootkit.

Also, it might make it easier for a hacker to cover his tracks if he can
write to the postgresql binaries.  
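
The ownership question debated in this thread can be checked directly: the audit below lists every entry in a binaries directory that a given service account could modify or replace. It is an added example, not part of the original message; the function names, reason strings and the temporary fixture directory are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_binaries(bin_dir, service_uid, service_gid):
    """Return (path, reason) for each entry the service account could modify."""
    findings = []
    # Include the directory itself: write access there allows replacing files.
    names = sorted(os.listdir(bin_dir))
    for path in [bin_dir] + [os.path.join(bin_dir, n) for n in names]:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is meaningless; audit its target
        if st.st_uid == service_uid:
            # The owner can always chmod, so ownership alone is enough.
            findings.append((path, "owned by service account"))
        elif st.st_gid == service_gid and st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable by service group"))
        elif st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings


def demo():
    """Constructed fixture: a fake bin directory, not a real installation."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("psql", 0o755), ("pg_dump", 0o777)):
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(p, mode)

        def rel(found):
            return [(os.path.relpath(p, d), r) for p, r in found]

        # Layout 1: the service account owns the binaries.
        as_service = rel(audit_binaries(d, me, os.getgid()))
        # Layout 2: another account owns them (uid/gid chosen not to match).
        as_other = rel(audit_binaries(d, me + 1, -1))
        return as_service, as_other


if __name__ == "__main__":
    for label, found in zip(("service-owned", "other-owned"), demo()):
        print(label, found)
```

On a real host the arguments would be the installation's bin directory and the uid and gid of the account the server runs as, for example from `pwd.getpwnam`.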
