BUG #1566: can't hide password with pg_autovacuum

From: Olivier Thauvin
Subject: BUG #1566: can't hide password with pg_autovacuum
Msg-id: 20050327022850.84419F0BCC@svr2.postgresql.org
List: pgsql-bugs
The following bug has been logged online:

Bug reference:      1566
Logged by:          Olivier Thauvin
Email address:      nanardon@nanardon.homelinux.org
PostgreSQL version: 8.0.1
Operating system:   Linux (Mandrake cooker)
Description:        can't hide password with pg_autovacuum
Details:

I found a security issue with pg_autovacuum :(
After looking at the README and --help, it seems there is no way to start it
with a configuration file.

This is not a problem except when the database is password protected, so you
have to use the -P option to get it started (no prompt, unless I missed
something).

The potential issue comes from ps, where the password is shown in clear:

nanardon 28664  0.4  0.0  3644 1384 ?        Ss   04:05   0:00 pg_autovacuum -D -s rpm2sql -PXXXXXX

XXXXXX is my password in clear (hidden here of course).
As you can see, there is enough information here for someone having an
account on the host to connect to the DB with admin privileges on the DB (not as
postgres user of course, but only the owner of the db can vacuum).

Solution:
- change the command line after start like some ftp clients do
- having the possibility to read the password from a file
- taking the password from an environment variable (AUTOVACUUM_PASS=pass pg_autovacuum...)

If I have any time, I will try to provide a patch, but my knowledge of C is
too poor to ensure quality :(
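
Two of the mitigations proposed in the report above (reading the password from a file, and overwriting the command-line argument after start), sketched in C as an added example. This is not pg_autovacuum code or a patch from the reporter; the names read_password_file and scrub_arg are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read the first line of `path` into buf (NUL-terminated, newline stripped).
 * Returns 0 on success, -1 if the file cannot be opened, is not a regular
 * file, is accessible by group/other, or holds no password. */
int read_password_file(const char *path, char *buf, size_t len)
{
    struct stat st;
    ssize_t n;
    int fd = len < 2 ? -1 : open(path, O_RDONLY | O_NOFOLLOW);

    if (fd < 0)
        return -1;
    /* fstat the open descriptor so the check covers the file actually read */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    n = read(fd, buf, len - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';
    return buf[0] != '\0' ? 0 : -1;
}

/* Overwrite, in place, a password that did arrive in argv. On Linux, ps
 * reads the live argument memory, so later listings show only X's. */
void scrub_arg(char *arg)
{
    memset(arg, 'X', strlen(arg));
}

int main(int argc, char **argv)
{
    char pw[128];
    if (argc != 2 || read_password_file(argv[1], pw, sizeof pw) != 0) {
        fprintf(stderr, "refusing: need a regular file with mode 0600\n");
        return 1;
    }
    puts("password loaded from file");
    return 0;
}
```

Scrubbing only narrows the exposure, since the argument is readable from exec until the overwrite runs; the owner-only file keeps the password out of the process listing entirely.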
