
Re: Installing PostgreSQL as "postgress" versus "root" Debate!

From: "Uwe C(dot) Schroeder" <uwe(at)oss4u(dot)com>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Installing PostgreSQL as "postgress" versus "root" Debate!
Date: 2005-01-13 22:47:01
Lists: pgsql-admin

On Thursday 13 January 2005 01:44 pm, Bruce Momjian wrote:
> Uwe C. Schroeder wrote:
> >
> > On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> > > Doug,
> > >
> > > 	OK, Assume that the binaries are installed under root, but a
> > > hacker cracks PostGres, what is to stop him/her from trashing all of
> > > the database files in the first place?  They're not owned by root.
> > > Installing malware, whether it's actual code or destroying/defacing
> > > files causes similar if not identical problems.  At least they're
> > > restricted to the postgres user.  And in my book the executables are of
> > > zero value whereas the data files, and their contained data, are of
> > > infinite value.  So under your scheme we're protecting the least
> > > valuable part of the system at the expense of the most valuable.
> >
> > So where is the difference? If all executables AND the data is under the
> > postgres account - an intruder hacking the postgres account would still
> > be able to destroy your data.
> To me the difference is that if your postgres account is hacked and
> you installed as root you can delete your /data and start over knowing
> the rest of your install is OK.  If your binaries are owned by postgres,
> you have to reinstall too.
> Of course you might as well reinstall anyway but there is a difference
> in knowing the state of the non-/data files.

You're right on that one. Although I had a machine hacked a while back (well, 
I missed updating the flawed ssh version on there). The hacker wasn't really 
interested in the data, he just wanted another machine to start attacks from 
- however he managed to install a rootkit. In the case one of my machines is 
hacked I generally scratch the whole machine and reinstall it.  There are so 
many ways to mess with the machine that I'm not willing to take the risk 
of missing something the hacker left behind. 
It would be time to suggest to the Linux kernel developers what BSD had for a 
long time: The nice flag to lock files even for root access. The only way to 
set or reset that flag on BSD is to shut the machine down in single user 
mode. If you flag all binaries and configuration files you can be pretty sure 
that even with a rootkit the hacker doesn't get far :-) On the other hand 
it's not very good for machines that have to be up 24/7, so this extra 
security comes at the trade off on downtime to reconfigure something.


--
Open Source Solutions 4U, LLC	2570 Fleetwood Drive
Phone:  +1 650 872 2425		San Bruno, CA 94066
Cell:   +1 650 302 2405		United States
Fax:    +1 650 872 2417
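
Added example, not part of the original message or of PostgreSQL: the thread turns on whether the account the server runs as can modify the installed files. This sketch audits an install tree for anything a given account could change or replace; the function names, the constructed directory tree and the stand-in uids are assumptions for illustration.

```python
import os
import stat
import tempfile

def modify_reason(st, uid, gids):
    """Why the account (uid, gids) could alter this inode, or None."""
    if st.st_uid == uid:
        return "owner"                      # the owner can always chmod and rewrite
    if st.st_gid in gids:                   # group class applies, "other" bits do not
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None

def audit_tree(root, uid, gids=()):
    """List (relative path, reason) for everything under root the account can change.
    Directories count: write access to one allows replacing the files inside it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                    # symlink mode bits carry no meaning
            reason = modify_reason(st, uid, gids)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def demo():
    """Constructed install tree: one clean binary, one world-writable binary,
    one world-writable directory. Returns findings for two hypothetical accounts."""
    with tempfile.TemporaryDirectory() as root:
        for d, mode in (("bin", 0o755), ("lib", 0o777)):
            os.mkdir(os.path.join(root, d))
            os.chmod(os.path.join(root, d), mode)   # explicit chmod: ignore umask
        for f, mode in (("bin/postgres", 0o755), ("bin/pg_ctl", 0o757)):
            path = os.path.join(root, f)
            open(path, "w").close()
            os.chmod(path, mode)
        me = os.getuid()
        as_other = audit_tree(root, uid=me + 1)   # stands in for a separate service account
        as_owner = audit_tree(root, uid=me)       # stands in for "binaries owned by postgres"
    return as_other, as_owner

if __name__ == "__main__":
    for label, result in zip(("separate owner", "same owner"), demo()):
        print(label, result)
```

An empty result for the service account's uid and groups is the state Bruce describes, where the non-data files can still be trusted after that account is compromised.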

