| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | The Hermit Hacker <scrappy(at)hub(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [HACKERS] reduce pg_hba.conf restrictions ... |
| Date: | 2000-02-01 03:43:24 |
| Message-ID: | 12632.949376604@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
The Hermit Hacker <scrappy(at)hub(dot)org> writes:
> is there any reason why we can't make the permissions on pg_hba.conf 600
> vs 400? the data directory itself is only readable by the 'superuser'...
I think the motivation may have been to prevent an attacker who manages
to connect as superuser from overwriting the pg_hba.conf file with
something more liberal (using backend-side COPY). However, if he's
already managed to connect as superuser, it's difficult to see what
he needs more-liberal connection privileges for.
600 does seem a lot more convenient for the admin. 400 might save
the admin from some simple kinds of human error --- but not if he's
already in the habit of overriding the protection whenever he updates
the file.
In short, I agree. Does anyone else see any real security gain from
making it 400?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2000-02-01 03:52:37 | Re: [HACKERS] freefuncs.c is never called from anywhere!? |
| Previous Message | Bruce Momjian | 2000-02-01 03:38:02 | Re: [HACKERS] Re: Case-folding bogosity in new psql |