In my logic, we have PGDATA environment variable for the server only so
the server can find the /data directory. After that, everything should
be in /data. I see no reason to make it an environment variable.
In fact, a file in /data should be able to track the xlog directory a
lot better than an evironment variable will.
---------------------------------------------------------------------------
Tom Lane wrote:
> Andrew Sullivan <andrew@libertyrms.info> writes:
> > On Tue, Jul 30, 2002 at 02:05:57PM -0400, Tom Lane wrote:
> >> If we add more environment-variable-dependent mechanisms to allow more
> >> different things to be done, we increase substantially the odds of
> >> creating an exploitable security hole.
>
> > Ok, true enough, but I'm not sure that a config file or any other
> > such mechanism is any safer. As Lamar Owen said, anyone who can
> > poison the postgres user's environment can likely do evil things to
> > postgresql.conf as well.
>
> Who said anything about poisoning the environment? My point was that
> there will be strings in the environment that were put there perfectly
> legitimately, but could still serve as an attack vehicle.
>
> The weakness of the existing database-locations-are-environment-variables
> feature is really that the attacker gets to choose which environment
> variable gets used, and so he can use a variable intended to serve
> purpose A for some other purpose B. If A and B are sufficiently
> different then you got trouble --- and since we are talking about a
> purpose B that involves writing on something, there's definitely a risk.
>
> A mechanism based only on a fixed environment variable name doesn't
> create the sort of threat I'm contemplating. For example, if the
> postmaster always and only looked at $PGXLOG to find the xlog then
> you'd not have this type of risk. But Thomas said he was basing the
> feature on database locations, and in the absence of seeing the code
> I don't know if he's creating a security hole or not.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026