Re: WAL file location

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
Cc: Curt Sampson <cjs(at)cynic(dot)net>, Andrew Sullivan <andrew(at)libertyrms(dot)info>, Thomas Lockhart <lockhart(at)fourpalms(dot)org>, PostgreSQL Hackers List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: WAL file location
Date: 2002-07-31 03:51:38
Message-ID: 24400.1028087498@sss.pgh.pa.us
Lists: pgsql-hackers

Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
>> Ah. See, we already have a failure in a security analysis here. This
>> command:
>> CREATE DATABASE foo WITH LOCATION = 'BAR'
>> uses a string that's in the environment.

> And requires you to be a database superuser anyway.

CREATE DATABASE does not require superuser privs, only createdb
which is not usually considered particularly dangerous.

Whether you think that there is a potentially-exploitable security hole
here is not really the issue. The point is that two different arguments
have been advanced against using environment variables for configuration
(if you weren't counting, (1) possible security issues now or in the
future and (2) lack of consistency between manual and boot-script
startup), while zero (as in 0, nil, nada) arguments have been advanced
in favor of using environment variables instead of configuration files.
I do not see why we are debating the negative when there is absolutely
no case on the positive side.

regards, tom lane
