Re: Bugtraq: Having Fun With PostgreSQL
From | Christopher Browne |
---|---|
Subject | Re: Bugtraq: Having Fun With PostgreSQL |
Date | |
Msg-id | 87tzt5khbd.fsf@wolfe.cbbrowne.com |
In reply to | Bugtraq: Having Fun With PostgreSQL (Michael Fuhr <mike@fuhr.org>) |
Responses | Re: Bugtraq: Having Fun With PostgreSQL; Re: Bugtraq: Having Fun With PostgreSQL |
List | pgsql-hackers |
The world rejoiced as jd@commandprompt.com ("Joshua D. Drake") wrote:
> Tom Lane wrote:
>> Michael Fuhr <mike@fuhr.org> writes:
>>> A message entitled "Having Fun With PostgreSQL" was posted to Bugtraq
>>> today. I haven't read through the paper yet so I don't know if the
>>> author discusses security problems that need attention or if the
>>> article is more like a compilation of "Stupid PostgreSQL Tricks."
>>> http://www.securityfocus.com/archive/1/471541/30/0/threaded
>>
>> It appears he's discovered the astonishing facts that
>> 1. The out-of-the-box authentication setup is "trust".
>> 2. A superuser can make the database do whatever he wants (within
>> the OS privilege limits of the postgres user).
>>
>> We've debated #1 before, and a lot of repackagers change it, but I
>> don't really feel a strong urge to change it in the source distro.
>> As for #2, that's not a bug, it's intended behavior.
>
> On #1, the fact that we allow trust as default is embarrassing. It
> would be just as bad as having the default root password be "password"
> on a Linux box. We should be using md5 and force passing the password
> with initdb.

That won't help; that would introduce the "embarrassment" of having a
known default password.

This is a case where it takes careful thought to grasp whether there is
a problem or not. If all we do is to shift the embarrassment around,
that's not much help.
-- 
output = reverse("moc.liamg" "@" "enworbbc")
http://linuxfinances.info/info/slony.html
"If all you can see is vast masses of end-users chewing their cud and
running Win95 on Gateways, then what good is platform independence?"
-- David LeBlanc (dleblanc@mindspring.com)
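The setting the thread argues about, as an added example that is not part of the original message or of PostgreSQL's own code: a POSIX shell audit that flags every `trust` entry in a pg_hba.conf and prints a hardened copy. The sample file is constructed to resemble the 8.x-era initdb default the thread refers to; the function names `hba_entries`, `find_trust_entries` and `harden_hba`, and the replacement methods (`ident sameuser` for Unix-socket entries, which is spelled `peer` from 9.1 on, and `md5` for TCP entries) are my choices, not something the thread settled on.

```shell
#!/bin/sh
# Added example, not code from the thread or from PostgreSQL itself.
# Audits a pg_hba.conf for "trust" entries (the out-of-the-box default the
# thread discusses) and emits a hardened copy. The sample below is constructed
# to resemble the 8.x-era initdb default; it is not a real file.

SAMPLE_HBA='# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               trust
host    all         all         127.0.0.1/32          trust
host    all         all         ::1/128               trust
host    replication all         10.0.0.0/8            md5'

# Work out which column holds METHOD: "local" lines have no address column,
# and old-style host lines may carry IP and netmask in two separate columns.
# Prints "<lineno>:<method>:<original line>" for each active entry.
hba_entries() {
    awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
        if ($1 == "local")                                 m = 4
        else if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)   m = 6
        else                                               m = 5
        print NR ":" $m ":" $0
    }' "$@"
}

# List the trust entries; exit 1 when any exist so this can gate a deploy.
find_trust_entries() {
    hba_entries "$@" | awk -F: '
        $2 == "trust" { found = 1; print }
        END { exit found ? 1 : 0 }'
}

# Hardened copy: Unix-socket entries fall back to OS-user identification
# ("ident sameuser" in 8.x, spelled "peer" from 9.1 on; assumption, see lead-in),
# TCP entries to md5. The other route is to re-run initdb with "-A md5 -W" so
# the superuser gets a prompted password rather than a known default.
harden_hba() {
    awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
    {
        if ($1 == "local")                                 m = 4
        else if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)   m = 6
        else                                               m = 5
        if ($m == "trust") $m = ($1 == "local") ? "ident sameuser" : "md5"
        print
    }' "$@"
}

# Stand-alone use: sh hba_audit.sh [/path/to/pg_hba.conf]; with no path the
# constructed sample above is audited instead.
if [ -n "$1" ]; then hba=$1; else hba=$(mktemp); printf '%s\n' "$SAMPLE_HBA" > "$hba"; fi
echo "== trust entries in $hba =="
find_trust_entries "$hba" || echo "(trust entries found; hardened copy follows)"
echo "== hardened copy =="
harden_hba "$hba"
[ -n "$1" ] || rm -f "$hba"
```

Point it at a real `$PGDATA/pg_hba.conf` and it will list the offending lines with their line numbers; the hardened copy is printed, not written back, so the operator can diff it before restarting the server. Note that switching a `local` entry away from `trust` without first setting a password (or keeping an OS-user method) is exactly the lockout the thread warns about, which is why the rewrite does not simply turn every entry into `md5`.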