Quick Links

Re: Security implications of config-file-location patch

From:	Andrew Dunstan <andrew(at)dunslane(dot)net>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Security implications of config-file-location patch
Date:	2004-10-08 02:22:14
Message-ID:	4165F9D6.5090909@dunslane.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Tom Lane wrote:

>
>I am sort of on the fence about this. I am thinking that it would be
>good to expose this information, but *only* to superusers. It would not
>take much code to add a GUC variable flag bit that prevents
>non-superusers from examining the value of the GUC variable, and only a
>little more code to reflect the correct paths into these variables all
>the time.
>
>
>
>

On the basis that I can't see that anyone but the superuser has a
legitimate interest in the info, this sounds good.

cheers

andrew

In response to

Security implications of config-file-location patch at 2004-10-08 01:55:32 from Tom Lane

Responses

Re: Security implications of config-file-location patch at 2004-10-08 04:21:06 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Reini Urban	2004-10-08 02:42:57	Re: more dirmod CYGWIN
Previous Message	Tom Lane	2004-10-08 01:55:32	Security implications of config-file-location patch