Skip site navigation (1) Skip section navigation (2)

Re: Thoughts on the location of configuration files

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Thoughts on the location of configuration files
Date: 2001-12-19 06:09:15
Message-ID: 27159.1008742155@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
>> Seems to me that someone who thinks the executables should be root-owned
>> is likely to think the same of the config files.

> Sorry to disappoint you :-).
> ...
> However, IMHO, for best security, the executables do need to be root owned.  

Or at least not owned/writable by the postgres user.  Sure, that seems
like a good idea for a high-security installation.  But I always thought
the motivation for that rule was to prevent someone who'd gained some
control of the program (eg via a buffer-overrun exploit) from expanding
his exploit by overwriting the executables with malicious code.  If the
config files can be overwritten by the postgres user, then you still
have an avenue for an attacker to expand his privileges.  Example: he
can trivially become postgres superuser after altering pg_hba.conf.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Lamar OwenDate: 2001-12-19 06:13:29
Subject: Re: Thoughts on the location of configuration files
Previous:From: Bruce MomjianDate: 2001-12-19 06:07:45
Subject: Re: Thoughts on the location of configuration files

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group