Skip site navigation (1) Skip section navigation (2)

Re: Bug in createlang?

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Richard Huxton <dev(at)archonet(dot)com>, "Thomas T(dot) Veldhouse" <veldy(at)veldy(dot)net>, <pgsql-general(at)postgresql(dot)org>
Subject: Re: Bug in createlang?
Date: 2001-09-06 10:21:58
Message-ID: Pine.LNX.4.30.0109061218210.823-100000@peter.localdomain (view raw or flat)
Thread:
Lists: pgsql-generalpgsql-hackerspgsql-patches
Bruce Momjian writes:

> Does anyone have a comment on this?  I wrote it a month ago.

The fact that the database server is wide-open in the default installation
is surely not good, but the problem is that we don't have a universally
accepted way to lock it down.  We could make password authentication the
default, but that would annoy a whole lot of people.  Another option would
be to set the unix domain socket permissions to 0200 by default, so only
the user that's running the server can get in.  I could live with that;
not sure about others.


> > > Richard Huxton <dev(at)archonet(dot)com> writes:
> > > > "Thomas T. Veldhouse" wrote:
> > > >> Why does it ask 4 times?
> > >
> > > > createlang is just a script - it basically runs "/path/to/psql $QUERY" -
> > > > each query connects a separate time.
> > >
> > > Note that running a setup that requires password auth for the DBA will
> > > also be a major pain in the rear when running pg_dumpall: one password
> > > prompt per database, IIRC.  We have other scripts that make more than
> > > one database connection, too.
> >
> > This brings up an issue I am concerned about.  Right now, when we
> > install the database with initdb, we basically are wide-opened to any
> > local user who wants to connect to the database as superuser.  In fact,
> > someone could easily install a function in template1 that bypasses
> > database security so even after you put a password on the superuser and
> > others, they could bypass security.
> >
> > Do people have a good solution for this problem?  Should be be
> > installing a password for the super-user at initdb time?  I see initdb
> > has this option:
> >
> >        --pwprompt
> >
> >        -W     Makes  initdb prompt for a password of the database
> >               superuser. If you  don't  plan  on  using  password
> >               authentication,  this  is not important.  Otherwise
> >               you won't be able to  use  password  authentication
> >               until you have a password set up.
> >
> > Do people know they should be using this initdb option if they don't
> > trust their local users?  I see no mention of it in the INSTALL file.
> >
> > I see it does:
> >
> > # set up password
> > if [ "$PwPrompt" ]; then
> >     $ECHO_N "Enter new superuser password: "$ECHO_C
> >     stty -echo > /dev/null 2>&1
> >     read FirstPw
> >     stty echo > /dev/null 2>&1
> >     echo
> >     $ECHO_N "Enter it again: "$ECHO_C
> >     stty -echo > /dev/null 2>&1
> >     read SecondPw
> >     stty echo > /dev/null 2>&1
> >     echo
> >     if [ "$FirstPw" != "$SecondPw" ]; then
> >         echo "Passwords didn't match." 1>&2
> >         exit_nicely
> >     fi
> >     echo "ALTER USER \"$POSTGRES_SUPERUSERNAME\" WITH PASSWORD '$FirstPw'" \
> >         | "$PGPATH"/postgres $PGSQL_OPT template1 > /dev/null || exit_nicely
> >     if [ ! -f $PGDATA/global/pg_pwd ]; then
> >         echo "The password file wasn't generated. Please report this problem." 1>&2
> >         exit_nicely
> >     fi
> >
> > --
> >   Bruce Momjian                        |  http://candle.pha.pa.us
> >   pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
> >   +  If your life is a hard drive,     |  830 Blythe Avenue
> >   +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://www.postgresql.org/search.mpl
> >
>
>

-- 
Peter Eisentraut   peter_e(at)gmx(dot)net   http://funkturm.homeip.net/~peter


In response to

Responses

pgsql-hackers by date

Next:From: Hannu KrosingDate: 2001-09-06 10:28:43
Subject: Re: Inherited Table
Previous:From: Peter EisentrautDate: 2001-09-06 10:04:03
Subject: Re: Log rotation?

pgsql-patches by date

Next:From: Peter EisentrautDate: 2001-09-06 10:30:21
Subject: Re: Patch for pl/tcl Tcl_ExternalToUtf and Tcl_UtfToExternal
Previous:From: Karel ZakDate: 2001-09-06 06:45:18
Subject: Re: encoding names

pgsql-general by date

Next:From: Jefim MatskinDate: 2001-09-06 11:21:25
Subject: a simple programming question
Previous:From: Colin 't HartDate: 2001-09-06 10:05:23
Subject: Re: MySQL's (false?) claims... (was: Re: PL/java?)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group