Re: [INTERFACES] pg_pwd
| От | Tom Lane |
|---|---|
| Тема | Re: [INTERFACES] pg_pwd |
| Дата | |
| Msg-id | 28767.943138678@sss.pgh.pa.us обсуждение |
| Ответ на | Re: [INTERFACES] pg_pwd (Lamar Owen <lamar.owen@wgcr.org>) |
| Ответы |
Re: [INTERFACES] pg_pwd
|
| Список | pgsql-interfaces |
Lamar Owen <lamar.owen@wgcr.org> writes:
> And yes, this IS a glaring security hole, IF the user postgres has a postgres
> password. Just WHY is pg_pwd mode 666 in the first place??
Because it's written out with a backend-side COPY operation, and
backend-side COPY makes *every* file it creates mode 666.
As I commented earlier in this thread, I think COPY ought not create
files with looser permissions than 644 (does anyone know why that's
not true already?). But that still wouldn't be good enough for pg_pwd.
Maybe it would be worthwhile to try to force pg_pwd in particular
to be written with just mode 600. In the standard configuration that
shouldn't make any difference ... but if people are going to use
hacked-up initdb code, as you evidently are doing, we probably should
not rely on the data directory to be locked up tightly...
regards, tom lane
В списке pgsql-interfaces по дате отправления: