Lamar Owen wrote:
> The RPM installation makes the directory automatically -- owned by user
> postgres, mode 755. A two byte change in the spec file and rebuilding the
> RPM's will fix this to mode 700 from the packaging end. HOWEVER, if someone
> already has the RPM's, all they need to do is run, as root, 'chmod 0700
> /var/lib/pgsql' -- much quicker than a multimegabyte download of a new RPM set
> that contains no real fixes.
maybe no real fixes ... but the current state is that we have a
security hole more bigger than the crater of gorongoro.
I agreed on doing just a chmod, but lots of people wouldn't do that,
then you have to provide a smooth migration path in the next release,
changing pgdata from 755 (created with the rpm) to 700.
> Now, if a sloppy admin goes in and changes things after the installation, that
> is their own problem.
yup, but it was not me who chmod'ed 755 /var/lib/pgsql nor
chmod'ed 666 pg_pwd, leaving all passwords in clear to all
users on the system, not me ...
-= Sergio A. Kessler == http://sak.org.ar =-
You can have it soon, cheap and working; choose *two*.
In response to
pgsql-interfaces by date
|Next:||From: Hossein S. Zadeh||Date: 1999-11-22 00:46:28|
|Subject: Re: [INTERFACES] Date: Fri, 19 Nov 1999 11:25:20 +1200|
|Previous:||From: Douglas Thomson||Date: 1999-11-21 06:14:42|
|Subject: Re: [INTERFACES] Front end memory consumption in SELECT|