| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Neil Conway <neilc(at)samurai(dot)com> |
| Cc: | Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, Ian FREISLICH <if(at)hetzner(dot)co(dot)za>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: [PATCH] pg_autovacuum commandline password hiding. |
| Date: | 2005-05-25 03:36:34 |
| Message-ID: | 7998.1116992194@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Neil Conway <neilc(at)samurai(dot)com> writes:
> Tom Lane wrote:
>> I don't offhand know of any Unix platforms where they cannot be found
>> out
> I don't know which platforms it is secure/insecure on, but I can
> certainly imagine secure systems where ps(1) data in general is viewed
> as sensitive and thus not made globally visible.
It's imaginable, but can you point to any real examples? The historical
tradition is that command-line parameters are visible, and therefore
Unix programs are invariably designed to not expose security information
on the command line, and therefore there is no security motivation to
hide command lines. It's a tight little cause-and-effect loop.
Unfortunately, pg_autovacuum didn't get the word, and so we are creating
an opportunity for people to shoot themselves in the foot. I think
that's a bug to be fixed.
> I don't think there is sufficient justification for removing this
> feature and breaking users of a stable release series.
"Breaking" obviously-insecure usages is exactly the intention.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2005-05-25 04:29:55 | Re: [PATCH] pg_autovacuum commandline password hiding. |
| Previous Message | Neil Conway | 2005-05-25 03:22:23 | Re: [PATCH] pg_autovacuum commandline password hiding. |