Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] pg_autovacuum commandline password hiding.

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Neil Conway <neilc(at)samurai(dot)com>
Cc: Dave Page <dpage(at)vale-housing(dot)co(dot)uk>,Ian FREISLICH <if(at)hetzner(dot)co(dot)za>, pgsql-patches(at)postgresql(dot)org
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.
Date: 2005-05-25 03:36:34
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
Neil Conway <neilc(at)samurai(dot)com> writes:
> Tom Lane wrote:
>> I don't offhand know of any Unix platforms where they cannot be found
>> out

> I don't know which platforms it is secure/insecure on, but I can 
> certainly imagine secure systems where ps(1) data in general is viewed 
> as sensitive and thus not made globally visible.

It's imaginable, but can you point to any real examples?  The historical
tradition is that command-line parameters are visible, and therefore
Unix programs are invariably designed to not expose security information
on the command line, and therefore there is no security motivation to
hide command lines.  It's a tight little cause-and-effect loop.

Unfortunately, pg_autovacuum didn't get the word, and so we are creating
an opportunity for people to shoot themselves in the foot.  I think
that's a bug to be fixed.

> I don't think there is sufficient justification for removing this 
> feature and breaking users of a stable release series.

"Breaking" obviously-insecure usages is exactly the intention.

			regards, tom lane

In response to


pgsql-patches by date

Next:From: Neil ConwayDate: 2005-05-25 04:29:55
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.
Previous:From: Neil ConwayDate: 2005-05-25 03:22:23
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group