Re: Installing PostgreSQL as "postgress" versus "root" Debate!

From Bruno Wolff III
Subject Re: Installing PostgreSQL as "postgress" versus "root" Debate!
Date
Msg-id 20050113204635.GA5024@wolff.to
In reply to Re: Installing PostgreSQL as "postgress" versus "root" Debate!  ("Goulet, Dick" <DGoulet@vicr.com>)
List pgsql-admin
On Thu, Jan 13, 2005 at 13:52:41 -0500,
  "Goulet, Dick" <DGoulet@vicr.com> wrote:
> Doug,
>
>     OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place?  They're not owned by root.  Installing
> malware, whether it's actual code or destroying/defacing files causes
> similar if not identical problems.  At least they're restricted to the
> postgres user.  And in my book the executables are of zero value whereas
> the data files, and their contained data, are of infinite value.  So
> under your scheme we're protecting the least valuable part of the
> system at the expense of the most valuable.

While often the data is the most valuable thing on the system, being able to
modify the binaries can be leveraged to increase the level of access, since
the binaries run with the uid of the person running them. So if psql
got trojaned, it could be used to update users' paths and have people run
trojan versions of programs such as ssh.
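
The ownership question debated above can be checked on a live install. The script below is an added example, not part of the thread: it lists files under a PostgreSQL binary directory that the service account owns or that are group- or world-writable. The function name `audit_bindir`, the path and the account name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Lists files under a PostgreSQL
# binary directory that a compromised service account could replace.

# audit_bindir DIR SERVICE_USER  (hypothetical helper name)
# Prints "<reason> <path>" for each finding; prints nothing when clean.
audit_bindir() {
    dir=$1
    svc_user=$2
    {
        # Owned by the service account: a compromised server process
        # can overwrite the file, or chmod it and then overwrite it.
        find "$dir" ! -type l -user "$svc_user" -print |
            sed 's/^/owned-by-service-user /'
        # Group- or world-writable: replaceable without owning it.
        # A writable directory allows swapping the files inside it.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/group-or-world-writable /'
    } | sort
}

# Usage: sh audit.sh /usr/local/pgsql/bin postgres   (both values assumed)
if [ "$#" -eq 2 ]; then
    findings=$(audit_bindir "$1" "$2")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
    echo "no findings under $1 for user $2"
fi
```

The check covers ownership and mode bits only; ACLs and writable parent directories above the given path are outside what it inspects.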
