I got a complaint here
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
pointing out that when you set debug=1, the generated log file
is world-readable by default, which doesn't seem like a good
idea when it may contain your password. Also, since the name
of the file is pretty predictable, there is an opportunity
for a symlink redirection attack (though I doubt anything
really interesting could be accomplished that way).
Any thoughts about fixing this? It's hard to believe no one
has pointed it out before, so I was wondering if there was some
good reason for doing it like this.
regards, tom lane
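
An added example, not part of the original message or of the project's code: one way a POSIX program can open a debug log so that it is readable only by its owner and a symlink planted at the predictable name is refused. The names `open_debug_log` and `fd_mode` and the temporary path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fchmod, mkdtemp */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (or create) the log at `path` for appending. Returns an fd, or -1
 * if the name is a symlink, is not a regular file, belongs to another
 * user, or has more than one hard link. (Hypothetical helper.) */
int open_debug_log(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the final path component is a symlink.
     * Mode 0600: umask can only remove bits, so a new file is never
     * group- or world-readable. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Inspect the object actually opened, not the name, to avoid a race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        fchmod(fd, 0600) != 0) {   /* tightens a pre-existing 0644 file */
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    char dir[] = "/tmp/dbglogXXXXXX", path[64];   /* constructed sample path */
    if (!mkdtemp(dir))
        return 1;
    snprintf(path, sizeof path, "%s/debug.log", dir);
    int fd = open_debug_log(path);
    if (fd < 0)
        return 1;
    printf("%s opened with mode %o\n", path, (unsigned)fd_mode(fd));
    close(fd);
    return 0;
}
```

`O_NOFOLLOW` covers only the last path component, so the log should also live in a directory that other users cannot write to.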