Re: pg_settings.sourcefile patch is a security breach
| From | Magnus Hagander |
|---|---|
| Subject | Re: pg_settings.sourcefile patch is a security breach |
| Date | |
| Msg-id | 48D95BE3.9070706@hagander.net |
| In response to | Re: pg_settings.sourcefile patch is a security breach (Magnus Hagander <magnus@hagander.net>) |
| List | pgsql-hackers |

Magnus Hagander wrote:
> Tom Lane wrote:
>> We go to some lengths to prevent non-superusers from examining
>> data_directory and other values that would tell them exactly where the
>> PG data directory is in the server's filesystem. The recently applied
>> patch to expose full pathnames of GUC variables' source files blows a
>> hole a mile wide in that.
>>
>> Possible answers: don't show the path, only the file name; or
>> show sourcefile/sourceline as NULL to non-superusers.
>
> My vote goes for showing it as NULL to non-superusers. If we remove the
> path, that makes it pretty darn useless for admin tools - which was the
> main reason it was added in the first place..
>
> And "showing full path for superuser, just filename for non-superusers"
> just seems to be way too ugly to consider :-)

I've applied a patch that does this.

//Magnus