| From: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Thoughts on the location of configuration files |
| Date: | 2001-12-19 06:13:29 |
| Message-ID: | 200112190613.BAA28925@www.wgcr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wednesday 19 December 2001 01:09 am, Tom Lane wrote:
> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> >> Seems to me that someone who thinks the executables should be root-owned
> >> is likely to think the same of the config files.
> > Sorry to disappoint you :-).
...
> > However, IMHO, for best security, the executables do need to be root
> > owned.
> his exploit by overwriting the executables with malicious code. If the
> config files can be overwritten by the postgres user, then you still
> have an avenue for an attacker to expand his privileges. Example: he
> can trivially become postgres superuser after altering pg_hba.conf.
This much is true. Hmmm. More thought required.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lamar Owen | 2001-12-19 06:23:34 | Re: Thoughts on the location of configuration files |
| Previous Message | Tom Lane | 2001-12-19 06:09:15 | Re: Thoughts on the location of configuration files |