Skip site navigation (1) Skip section navigation (2)

Re: [INTERFACES] pg_pwd

From: "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar>
To: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org>
Subject: Re: [INTERFACES] pg_pwd
Date: 1999-11-21 23:53:15
Message-ID: 383885EB.8AD038FA@perio.unlp.edu.ar (view raw or flat)
Thread:
Lists: pgsql-interfaces
Lamar Owen wrote:

> The RPM installation makes the directory automatically -- owned by user
> postgres, mode 755.  A two byte change in the spec file and rebuilding the
> RPM's will fix this  to mode 700 from the packaging end.  HOWEVER, if someone
> already has the RPM's, all they need to do is run, as root, 'chmod 0700
> /var/lib/pgsql' -- much quicker than a multimegabyte download of a new RPM set
> that contains no real fixes.

maybe no real fixes ... but the current state is that we have a 
security hole more bigger than the crater of gorongoro.

I agreed on doing just a chmod, but lots of people wouldn't do that, 
then you have to provide a smooth migration path in the next release, 
changing pgdata from 755 (created with the rpm) to 700.

> Now, if a sloppy admin goes in and changes things after the installation, that
> is their own problem.

yup, but it was not me who chmod'ed 755 /var/lib/pgsql nor 
chmod'ed 666 pg_pwd, leaving all passwords in clear to all
users on the system, not me ...


-- 
-=  Sergio A. Kessler     ==    http://sak.org.ar  =-
You can have it soon, cheap and working; choose *two*.

In response to

Responses

pgsql-interfaces by date

Next:From: Hossein S. ZadehDate: 1999-11-22 00:46:28
Subject: Re: [INTERFACES] Date: Fri, 19 Nov 1999 11:25:20 +1200
Previous:From: Douglas ThomsonDate: 1999-11-21 06:14:42
Subject: Re: [INTERFACES] Front end memory consumption in SELECT

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group