From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Thoughts on the location of configuration files |
Date: | 2001-12-19 06:09:15 |
Message-ID: | 27159.1008742155@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
>> Seems to me that someone who thinks the executables should be root-owned
>> is likely to think the same of the config files.
> Sorry to disappoint you :-).
> ...
> However, IMHO, for best security, the executables do need to be root owned.
Or at least not owned/writable by the postgres user. Sure, that seems
like a good idea for a high-security installation. But I always thought
the motivation for that rule was to prevent someone who'd gained some
control of the program (eg via a buffer-overrun exploit) from expanding
his exploit by overwriting the executables with malicious code. If the
config files can be overwritten by the postgres user, then you still
have an avenue for an attacker to expand his privileges. Example: he
can trivially become postgres superuser after altering pg_hba.conf.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Lamar Owen | 2001-12-19 06:13:29 | Re: Thoughts on the location of configuration files |
Previous Message | Bruce Momjian | 2001-12-19 06:07:45 | Re: Thoughts on the location of configuration files |