Skip site navigation (1) Skip section navigation (2)

Re: Thoughts on the location of configuration files

From: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Thoughts on the location of configuration files
Date: 2001-12-19 06:13:29
Message-ID: 200112190613.BAA28925@www.wgcr.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Wednesday 19 December 2001 01:09 am, Tom Lane wrote:
> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> >> Seems to me that someone who thinks the executables should be root-owned
> >> is likely to think the same of the config files.

> > Sorry to disappoint you :-).
 ...
> > However, IMHO, for best security, the executables do need to be root
> > owned.

> his exploit by overwriting the executables with malicious code.  If the
> config files can be overwritten by the postgres user, then you still
> have an avenue for an attacker to expand his privileges.  Example: he
> can trivially become postgres superuser after altering pg_hba.conf.

This much is true.  Hmmm. More thought required.
-- 
Lamar Owen
WGCR Internet Radio
1 Peter 4:11

In response to

pgsql-hackers by date

Next:From: Lamar OwenDate: 2001-12-19 06:23:34
Subject: Re: Thoughts on the location of configuration files
Previous:From: Tom LaneDate: 2001-12-19 06:09:15
Subject: Re: Thoughts on the location of configuration files

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group