From: | "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> |
---|---|
To: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org> |
Subject: | Re: [INTERFACES] pg_pwd |
Date: | 1999-11-21 23:53:15 |
Message-ID: | 383885EB.8AD038FA@perio.unlp.edu.ar |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-interfaces |
Lamar Owen wrote:
> The RPM installation makes the directory automatically -- owned by user
> postgres, mode 755. A two byte change in the spec file and rebuilding the
> RPM's will fix this to mode 700 from the packaging end. HOWEVER, if someone
> already has the RPM's, all they need to do is run, as root, 'chmod 0700
> /var/lib/pgsql' -- much quicker than a multimegabyte download of a new RPM set
> that contains no real fixes.
maybe no real fixes ... but the current state is that we have a
security hole more bigger than the crater of gorongoro.
I agreed on doing just a chmod, but lots of people wouldn't do that,
then you have to provide a smooth migration path in the next release,
changing pgdata from 755 (created with the rpm) to 700.
> Now, if a sloppy admin goes in and changes things after the installation, that
> is their own problem.
yup, but it was not me who chmod'ed 755 /var/lib/pgsql nor
chmod'ed 666 pg_pwd, leaving all passwords in clear to all
users on the system, not me ...
--
-= Sergio A. Kessler == http://sak.org.ar =-
You can have it soon, cheap and working; choose *two*.
From | Date | Subject | |
---|---|---|---|
Next Message | Hossein S. Zadeh | 1999-11-22 00:46:28 | Re: [INTERFACES] Date: Fri, 19 Nov 1999 11:25:20 +1200 |
Previous Message | Douglas Thomson | 1999-11-21 06:14:42 | Re: [INTERFACES] Front end memory consumption in SELECT |