Re: [PATCH] pg_autovacuum commandline password hiding.
| От | Neil Conway |
|---|---|
| Тема | Re: [PATCH] pg_autovacuum commandline password hiding. |
| Дата | |
| Msg-id | 4293FF43.6020506@samurai.com обсуждение исходный текст |
| Ответ на | Re: [PATCH] pg_autovacuum commandline password hiding. (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-patches |
Tom Lane wrote: > Neil Conway <neilc@samurai.com> writes: >>I don't know which platforms it is secure/insecure on, but I can >>certainly imagine secure systems where ps(1) data in general is viewed >>as sensitive and thus not made globally visible. > > > It's imaginable, but can you point to any real examples? FreeBSD's MAC (security.mac.seeotheruids.enabled sysctl) and the Openwall Linux kernel patch are the first examples I found, but I didn't spend long searching. >>I don't think there is sufficient justification for removing this >>feature and breaking users of a stable release series. > > "Breaking" obviously-insecure usages is exactly the intention. But it's not "obviously-insecure". In some situations it is perfectly secure (or security isn't important), but there are better alternatives (e.g. using trust authentication, as you suggest). -Neil
В списке pgsql-patches по дате отправления: