"Sergio A. Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> writes:
>> See doc/TODO.detail/pg_shadow.
> where ? can you post an absolute url ?
Sorry, I forgot that the TODO.detail files are not in the 6.5.*
distribution (they got added to the CVS repository since 6.5).
I'm not sure if they are available separately at the website (Bruce?).
I know you could get them by downloading a current snapshot...
>>>> and why is world =writable & readable= ?
>>>> (hey, everybody, wanna know my passwd ?)
>> It's not really a security hole because it lives inside a directory
>> that's mode 700 (unless you tampered with the default permissions
> in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
> can you spell "2_KM_DIAMETER_HOLE" ?
In a standard setup, pg_pwd is inside .../pgsql/data which is mode 700.
Have the RH guys really blown it this badly? (Lamar?)
regards, tom lane
pgsql-interfaces by date
|Next:||From: Mads Pultz||Date: 1999-11-19 22:47:25|
|Subject: JDBC compliancy question|
|Previous:||From: Sergio A. Kessler||Date: 1999-11-19 22:08:59|
|Subject: Re: [INTERFACES] pg_pwd|