| From: | Neil Conway <neilc(at)samurai(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, Ian FREISLICH <if(at)hetzner(dot)co(dot)za>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: [PATCH] pg_autovacuum commandline password hiding. |
| Date: | 2005-05-25 04:29:55 |
| Message-ID: | 4293FF43.6020506@samurai.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Tom Lane wrote:
> Neil Conway <neilc(at)samurai(dot)com> writes:
>>I don't know which platforms it is secure/insecure on, but I can
>>certainly imagine secure systems where ps(1) data in general is viewed
>>as sensitive and thus not made globally visible.
>
>
> It's imaginable, but can you point to any real examples?
FreeBSD's MAC (security.mac.seeotheruids.enabled sysctl) and the
Openwall Linux kernel patch are the first examples I found, but I didn't
spend long searching.
>>I don't think there is sufficient justification for removing this
>>feature and breaking users of a stable release series.
>
> "Breaking" obviously-insecure usages is exactly the intention.
But it's not "obviously-insecure". In some situations it is perfectly
secure (or security isn't important), but there are better alternatives
(e.g. using trust authentication, as you suggest).
-Neil
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2005-05-25 08:37:20 | Re: Translation updates: pt_BR |
| Previous Message | Tom Lane | 2005-05-25 03:36:34 | Re: [PATCH] pg_autovacuum commandline password hiding. |