On Tue, Jul 30, 2002 at 02:05:57PM -0400, Tom Lane wrote:
>
> If we add more environment-variable-dependent mechanisms to allow more
> different things to be done, we increase substantially the odds of
> creating an exploitable security hole.
Ok, true enough, but I'm not sure that a config file or any other
such mechanism is any safer. As Lamar Owen said, anyone who can
poison the postgres user's environment can likely do evil things to
postgresql.conf as well. Still, environment variables _are_ a
notorious weak point for crackers.
As I said, I don't much care how it is implemented, but I think
_that_ it is implemented is important, at least for our (Liberty's)
uses. If the only way it's going to be done is to accept a potential
security risk, maybe the answer is to allow the security risk, but
set by default to off.
A
--
----
Andrew Sullivan 87 Mowat Avenue
Liberty RMS Toronto, Ontario Canada
<andrew@libertyrms.info> M6K 3E3 +1 416 646 3304
x110