
Re: Thoughts on the location of configuration files

From: Mike Mascari <mascarm(at)mascari(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Thoughts on the location of configuration files
Date: 2001-12-19 09:16:56
Message-ID: 3C205B08.30EDF894@mascari.com
Lists: pgsql-hackers
Tom Lane wrote:
> 
> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> >> Seems to me that someone who thinks the executables should be root-owned
> >> is likely to think the same of the config files.
> 
> > Sorry to disappoint you :-).
> > ...
> > However, IMHO, for best security, the executables do need to be root owned.
> 
> Or at least not owned/writable by the postgres user.  Sure, that seems
> like a good idea for a high-security installation.  But I always thought
> the motivation for that rule was to prevent someone who'd gained some
> control of the program (eg via a buffer-overrun exploit) from expanding
> his exploit by overwriting the executables with malicious code.  If the
> config files can be overwritten by the postgres user, then you still
> have an avenue for an attacker to expand his privileges.  Example: he
> can trivially become postgres superuser after altering pg_hba.conf.

One of the nice features of putting configuration files in /etc
instead of /var is that some people like to mount the root
filesystem (non-/var directories) read-only on a disc that is
physically jumpered read-only, or some other read-only media. It's an
attempt to prevent buffer exploits from modifying executables and
configuration files, even if root is achieved. Of course, it
wouldn't stop someone from destroying anything in /var, but it at
least limits the potential damage in some meaningful way.

Mike Mascari
mascarm(at)mascari(dot)com
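
A small audit of the two concerns raised in this thread, as an added example that is not part of the original message or of PostgreSQL: whether the service account can alter a configuration file through its mode bits or its directory, and whether the file sits on a read-only mount. The paths, uid/gid 26 for the postgres account, and the mount table are constructed sample values.

```python
import os
import stat
from collections import namedtuple

St = namedtuple("St", "st_mode st_uid st_gid")  # minimal stand-in for os.stat_result

def can_write(st, uid, gids):
    """Classic Unix mode-bit check (ignores ACLs and uid 0's override)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def mount_options(path, mounts_text):
    """Options of the longest mount point containing path (/proc/mounts format)."""
    best, opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mp = fields[1]
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best, opts = mp, set(fields[3].split(","))
    return opts

def audit(path, uid, gids, mounts_text, stat_fn=os.stat):
    """Return the ways the service account could alter `path`."""
    findings = []
    if can_write(stat_fn(path), uid, gids):
        findings.append("file-writable")
    # Directory write access allows replacing the file by rename
    # (sticky-bit directories are not considered here).
    if can_write(stat_fn(os.path.dirname(path)), uid, gids):
        findings.append("dir-writable")
    if "ro" not in mount_options(path, mounts_text):
        findings.append("mount-rw")
    return findings

# Constructed sample data: uid/gid 26 stands in for the postgres account.
SAMPLE_STAT = {
    "/var/lib/pgsql/data/pg_hba.conf": St(0o100600, 26, 26),
    "/var/lib/pgsql/data": St(0o040700, 26, 26),
    "/etc/pgsql/pg_hba.conf": St(0o100640, 0, 26),
    "/etc/pgsql": St(0o040755, 0, 0),
}
SAMPLE_MOUNTS = "/dev/sda1 / ext2 ro 0 0\n/dev/sda2 /var ext2 rw 0 0\n"
```

Against a live system, pass the contents of /proc/mounts and leave `stat_fn` at its default.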
