| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org, Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Subject: | Re: pg_settings.sourcefile patch is a security breach |
| Date: | 2008-09-23 21:13:07 |
| Message-ID: | 48D95BE3.9070706@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander wrote:
> Tom Lane wrote:
>> We go to some lengths to prevent non-superusers from examining
>> data_directory and other values that would tell them exactly where the
>> PG data directory is in the server's filesystem. The recently applied
>> patch to expose full pathnames of GUC variables' source files blows a
>> hole a mile wide in that.
>>
>> Possible answers: don't show the path, only the file name; or
>> show sourcefile/sourceline as NULL to non-superusers.
>
> My vote goes for showing it as NULL to non-superusers. If we remove the
> path, that makes it pretty darn useless for admin tools - which was the
> main reason it was added in the first place..
>
> And "showing full path for superuser, just filename for non-superusers"
> just seems to be way too ugly to consider :-)
I've applied a patch that does this.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2008-09-23 21:18:35 | Re: 8.3 .4 + Vista + MingW + initdb = ACCESS_DENIED |
| Previous Message | Simon Riggs | 2008-09-23 21:10:33 | Re: parallel pg_restore |