On Wednesday 19 December 2001 01:09 am, Tom Lane wrote:
> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> >> Seems to me that someone who thinks the executables should be root-owned
> >> is likely to think the same of the config files.
> > Sorry to disappoint you :-).
> > However, IMHO, for best security, the executables do need to be root
> > owned.
> his exploit by overwriting the executables with malicious code. If the
> config files can be overwritten by the postgres user, then you still
> have an avenue for an attacker to expand his privileges. Example: he
> can trivially become postgres superuser after altering pg_hba.conf.
This much is true. Hmmm. More thought required.
WGCR Internet Radio
1 Peter 4:11
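An added example (not from the original thread): one way to check the point raised in the exchange above, listing which executables and config files a service account could alter, either directly or by replacing them through a writable parent directory. It assumes plain Unix mode bits (no ACLs, sticky bit or root override); the function names and paths are hypothetical and the sample tree is constructed.

```python
import os
import tempfile

W, WX = 0o2, 0o3  # write; write+search (needed to replace a directory entry)

def allowed(path, uid, gids, want):
    """Check mode bits for the class (owner/group/other) the account falls in."""
    st = os.stat(path)
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def audit(paths, uid, gids):
    """Return (path, reason) for every way the account could alter each file."""
    findings = []
    for path in paths:
        if allowed(path, uid, gids, W):
            findings.append((path, "file writable"))
        parent = os.path.dirname(os.path.abspath(path))
        if allowed(parent, uid, gids, WX):
            # A writable directory lets the account rename a new file over
            # this one, whatever the file's own owner and mode are.
            findings.append((path, "parent directory writable"))
    return findings

def demo():
    """Constructed tree: audit it for its owner and for an unrelated uid."""
    root = tempfile.mkdtemp()
    paths = []
    for rel, mode in (("bin/postgres", 0o755), ("conf/pg_hba.conf", 0o600)):
        path = os.path.join(root, rel)
        os.mkdir(os.path.dirname(path))
        os.chmod(os.path.dirname(path), 0o755)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
        paths.append(path)
    me = os.getuid()  # stands in for the service account that owns the files
    return audit(paths, me, set()), audit(paths, me + 1, set())

if __name__ == "__main__":
    for label, found in zip(("owner", "other uid"), demo()):
        print(label, found)
```

Run against a real installation, the owner-case findings on the config file are the avenue the quoted reply describes.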