From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: logfile subprocess and Fancy File Functions |
Date: | 2004-07-23 22:06:07 |
Message-ID: | 200407232206.i6NM67R10853@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-patches |
Tom Lane wrote:
> Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com> writes:
> > On Fri, 23 Jul 2004, Andreas Pflug wrote:
> >> What I'd like is
> >>
> >> SELECT pg_file_unlink('postgresql.conf.bak');
> >> SELECT pg_file_write('postgresql.conf.tmp', 'listen_addresses=...');
> >> SELECT pg_file_rename('postgresql.conf.tmp', 'postgresql.conf',
> >> 'postgresql.conf.bak');
> >> SELECT pg_reload_conf();
>
> > I personally don't think the above is the correct approach to allowing
> > configuration editing from remote.
>
> I'm pretty much against allowing configuration editing from remote
> altogether. It would raise the stakes tremendously in terms of what
> an attacker can do once they've acquired a connection with superuser
> rights. Remember that the above could be applied to pg_hba.conf,
> pg_ident.conf, etc just as well as postgresql.conf. Not to mention
> $HOME/.profile and other things the postgres user may own.
Why can't they just use COPY to replace the contents of pg_hba.conf now?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2004-07-23 22:15:01 | Re: logfile subprocess and Fancy File Functions |
Previous Message | Tom Lane | 2004-07-23 22:04:29 | Re: logfile subprocess and Fancy File Functions |