| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: logfile subprocess and Fancy File Functions |
| Date: | 2004-07-24 15:12:27 |
| Message-ID: | 4432.1090681947@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Thinking we have security because they can't guess
> pgdata seems like security through obscurity to me.
Sure, but it's still a useful roadblock to throw in an attacker's way.
I spent many years doing computer security stuff, and one thing I
learned is that the more layers of security you can have, the better.
You don't put all your faith in any one roadblock; you erect a series
of them that an attacker will have to break through all of. If some
of 'em are a little porous, that doesn't make 'em useless.
In today's context, I think the main point of requiring an attacker
to guess $PGDATA is that it helps avoid the "software monoculture"
syndrome. If someone did manage to write a Postgres-based virus that
involved an exploit in this area, it could only spread to machines
that had the $PGDATA value the virus writer was expecting.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-07-24 15:13:11 | Re: autovauum integration patch: Attempt #4 |
| Previous Message | Tom Lane | 2004-07-24 14:50:23 | Re: logfile subprocess and Fancy File Functions |