From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> |
Cc: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>, "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org> |
Subject: | Re: [INTERFACES] pg_pwd |
Date: | 1999-11-19 22:43:22 |
Message-ID: | 3766.943051402@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-interfaces |
"Sergio A. Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> writes:
>> See doc/TODO.detail/pg_shadow.
> where ? can you post an absolute url ?
Sorry, I forgot that the TODO.detail files are not in the 6.5.*
distribution (they got added to the CVS repository since 6.5).
I'm not sure if they are available separately at the website (Bruce?).
I know you could get them by downloading a current snapshot...
>>>> and why is world =writable & readable= ?
>>>> (hey, everybody, wanna know my passwd ?)
>>
>> It's not really a security hole because it lives inside a directory
>> that's mode 700 (unless you tampered with the default permissions
>> setup).
> in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
> can you spell "2_KM_DIAMETER_HOLE" ?
In a standard setup, pg_pwd is inside .../pgsql/data which is mode 700.
Have the RH guys really blown it this badly? (Lamar?)
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Mads Pultz | 1999-11-19 22:47:25 | JDBC compliancy question |
Previous Message | Sergio A. Kessler | 1999-11-19 22:08:59 | Re: [INTERFACES] pg_pwd |