Hi.
For some time I've been staring at the installation procedure and shaking
my head. It looks to me like someone took the rule of least privilege to an
extreme. Although I believe it is important to be able to install postgres
if you do not have root access, I think this represents a minority of
users.
I think most SAs would prefer to be able to make; make install and have
postgres install itself and set the permission rather than su'ing to the
postgres user and building/installing that way. Am I the only one who
thinks that the install procedure is more complex than it needs to be?
Also, I've noted the permissions of the installed binaries as a potential
security risk. A small one, but still... Suppose a user found a buffer
overrun in postgres (I don't think this would be too hard to do), they
could gain access to the postgres account and use that to trojan the
postgres binaries. The solution would of course be to install the binaries
owned by root. I normally do this manually, but I think it should be an
install thing.
If people think these two ideas are good ones, I can easily come up with
patches for the install.
-Michael
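An added example, not part of Michael's mail or of the PostgreSQL install scripts: a POSIX shell audit of an install tree for the two properties he asks for (every path owned by root, nothing writable by group or others), plus a hardening function that applies them. The install prefix is passed in; the owner argument defaults to root and is overridden only so the check can be exercised without privileges.

```shell
#!/bin/sh
# audit_install_tree PREFIX [OWNER]
# Lists every path under PREFIX that is not owned by OWNER (default root)
# or that group/others can write. Either condition lets a compromised
# service account (e.g. postgres) replace or swap out the binaries.
audit_install_tree() {
    dir=$1
    owner=${2:-root}
    # Anything (file or directory) not owned by the expected account
    find "$dir" ! -user "$owner" | while IFS= read -r f; do
        printf 'not owned by %s: %s\n' "$owner" "$f"
    done
    # Anything writable by group or others; directories count too,
    # since a writable directory allows the binary to be renamed away
    find "$dir" \( -perm -g+w -o -perm -o+w \) | while IFS= read -r f; do
        printf 'group/other writable: %s\n' "$f"
    done
}

# audit_count PREFIX [OWNER]: number of findings, "0" when the tree is clean
audit_count() {
    audit_install_tree "$1" "${2:-root}" | wc -l | tr -d ' '
}

# harden_install_tree PREFIX [OWNER]: what the install step should do after
# copying the binaries. chown to root requires running as root.
harden_install_tree() {
    dir=$1
    owner=${2:-root}
    chown -R "$owner" "$dir"
    chmod -R go-w "$dir"
}
```

Run `audit_count /usr/local/pgsql` as part of the install and fail it when the result is not 0; the owner argument is only for testing on an unprivileged account.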