From: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> |
Cc: | "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org> |
Subject: | Re: [INTERFACES] pg_pwd |
Date: | 1999-11-20 22:41:34 |
Message-ID: | 99112017500100.00543@lorc.wgcr.org |
Lists: | pgsql-interfaces |
On Fri, 19 Nov 1999, Tom Lane wrote:
> > in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
> > can you spell "2_KM_DIAMETER_HOLE" ?
>
> In a standard setup, pg_pwd is inside .../pgsql/data which is mode 700.
> Have the RH guys really blown it this badly? (Lamar?)

PGDATA is in fact 755 in the RPM installation. pg_pwd is the only file 666
under this directory.

Since pg_pwd is not very well documented, it is kind of hard to figure out
the permissions -- however, it is simple enough to issue a security advisory
for people to chmod 0700 /var/lib/pgsql.

The change to mode 0700 for PGDATA (which is moving in the future) will be made
in future RPM's. Again, no other file under /var/lib/pgsql under RH6.1 has
group or world permissions EXCEPT pg_pwd.

And yes, this IS a glaring security hole, IF the user postgres has a postgres
password. Just WHY is pg_pwd mode 666 in the first place??

--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
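
An audit for the exposure discussed in this message, as an added example that is not part of the original post or of the PostgreSQL RPM: it reports anything at or under a data directory that carries group or world permission bits, and counts world-writable files such as a 0666 pg_pwd. The function names are hypothetical, and GNU find is assumed for `-perm /077`.

```shell
#!/bin/sh
# Added example: permission audit for a PostgreSQL data directory.
# Assumption: GNU find (the "-perm /MODE" any-bit match is not POSIX).

# List (ls -ld format) every path at or under $1 that has any group or
# world permission bit set. Prints nothing when the tree is clean.
list_exposed() {
    find "$1" -perm /077 -exec ls -ld {} + 2>/dev/null
}

# Count regular files under $1 that are world-writable (e.g. mode 0666).
count_world_writable() {
    find "$1" -type f -perm -002 2>/dev/null | wc -l | tr -d ' '
}

# Exit status: 0 = no group/world access, 1 = exposure found,
# 2 = the argument is not a directory.
audit_pgdata() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    exposed=$(list_exposed "$dir")
    if [ -z "$exposed" ]; then
        echo "OK: no group/world access at or under $dir"
        return 0
    fi
    echo "EXPOSED paths at or under $dir:"
    echo "$exposed"
    echo "world-writable files: $(count_world_writable "$dir")"
    return 1
}

# Run the audit when a directory is given, e.g.: sh audit.sh /var/lib/pgsql
if [ $# -gt 0 ]; then
    audit_pgdata "$1"
fi
```

A 0666 file is still reported after the directory itself is tightened to 0700, because the directory mode is then the only thing keeping other local users away from it.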