Re: [INTERFACES] pg_pwd

From: "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar>
To: "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org>
Subject: Re: [INTERFACES] pg_pwd
Date: 1999-11-19 22:08:59
Message-ID: 3835CA7B.5D7FF6F3@perio.unlp.edu.ar
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-interfaces

Tom Lane wrote:
>
> "Sergio A. Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> writes:
> > what is the funcionality of the file pg_pwd in $PG_DATA ?
> > (no, there is _nothing_ in the docs)
>
> That's cause you don't need to know ;-)
>
> Seriously, it's a flat-file copy of pg_shadow, used by the postmaster
> to do password verification. (The postmaster can't look directly at
> pg_shadow because it cannot participate in database operations.)
> See doc/TODO.detail/pg_shadow.

where ? can you post an absolute url ?

> > and why is world =writable & readable= ?
> > (hey, everybody, wanna know my passwd ?)
>
> It's not really a security hole because it lives inside a directory
> that's mode 700 (unless you tampered with the default permissions
> setup).

in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
can you spell "2_KM_DIAMETER_HOLE" ?

> However, I agree it oughta be changed anyway.

having a text file with usernames and *passwords in clear*
world readable & writable make me feel nervous, pretty nervous.
indeed the root user (who isn't the dba) can know anything too
easy...

--
-= Sergio A. Kessler == http://sak.org.ar =-
You can have it soon, cheap and working; choose *two*.

In response to

Browse pgsql-interfaces by date

  From Date Subject
Next Message Tom Lane 1999-11-19 22:43:22 Re: [INTERFACES] pg_pwd
Previous Message Wayne Liang 1999-11-19 18:32:08 Problem with compiling programs