| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Security implications of config-file-location patch |
| Date: | 2004-10-08 05:38:19 |
| Message-ID: | 8148.1097213899@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
>> Good point. Should we obscure pg_tablespace similarly to what we do for
>> pg_shadow?
> Well, if we feel file locations are better left only visible to
> super-users, we should. However, when managing disk space, aren't
> normal users also often interested in which disk drives will store their
> data? I don't see a big value to obscuring pgdata myself.
My gut feeling is that it's more important to obscure pgdata than the
external tablespace locations, basically because non-default tablespaces
are likely to be on secondary disks with no particular relationship to
interesting files (such as ~postgres/.profile). I can't back this up
with a hard argument at this late hour though ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2004-10-08 06:01:18 | Re: Two-phase commit |
| Previous Message | Tom Lane | 2004-10-08 05:19:58 | Re: SQL-Invoked Procedures for 8.1 |