Re: recent Debian Postgres security update - Mailing list pgsql-novice

From Oliver Elphick
Subject Re: recent Debian Postgres security update
Date
Msg-id 1031869534.18149.34.camel@linda
In response to recent Debian Postgres security update  (Imre Oolberg <imre@eenet.ee>)
List pgsql-novice
On Thu, 2002-09-12 at 22:58, Imre Oolberg wrote:
> Hi!
>
> I use Debian woody and Postgres
> version 7.2.1 which. I am trying to keep my system up with official Debian
> fixes and updates.
>
> I did the usual apt-get update && apt-get upgrade and forgot to configure
> in pg_hba.conf 'local all trust'. Now it seemingly works all right but I
> am worried about the message it gave:
>
> Sorry! I need unrestricted access in /etc/postgresql/pg_hba.conf to update
> the databases.
>
> I wonder if you could give me advice what to do to 'update the databases'
> properly or should I be worried at all about it? Or I am all right until
> next fix when the trouble begins for me?
>
> I looked around and saw that one place which contains this Sorry! etc
> thing is enable_lang script which executes in turn createlang script.
> In my case the following query produces output like that
>
>
> template1=# select * from pg_language;
>  lanname  | lanispl | lanpltrusted | lanplcallfoid | lancompiler
> ----------+---------+--------------+---------------+-------------
>  internal | f       | f            |             0 | n/a
>  C        | f       | f            |             0 | /bin/cc
>  sql      | f       | f            |             0 | postgres
>  plpgsql  | t       | t            |        291431 |
>
> Or should I just issue 'enable_lang --all' or better use backups sooner
> the better ...

In fact this query should have been sent to the Debian debian-user
mailing list or to me as Debian maintainer.  You can't expect the
upstream PostgreSQL community to deal with distribution packaging
issues.  You can contact any package maintainer by emailing
<package>@packages.debian.org (substituting the package name for
<package>).

You don't have any particular problem here.  The package will install
plpgsql, plperl and pltcl in every database if it can.  Since your
pg_hba.conf didn't allow that, it didn't happen.  All it means is that
you need to install them for yourself if you want them.

For some of its operations, particularly where an initdb and reload of
data is required, the install script will rewrite pg_hba.conf to give
itself access.  I can't think at the moment if I simply don't do that
for this particular operation or if something has gone wrong with it.

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight, UK
http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "Let the wicked forsake his way, and the unrighteous
      man his thoughts; and let him return unto the LORD,
      and He will have mercy upon him; and to our God, for
      he will abundantly pardon."          Isaiah 55:7
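
Since the thread turns on whether pg_hba.conf grants 'local all trust' and notes that the install script may rewrite that file to give itself access, a check of which entries still use trust after an upgrade is useful. The script below is an added example, not part of the message above or of the Debian package; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list pg_hba.conf entries whose auth method is "trust".
# Handles the 7.2 layout (TYPE DATABASE [ADDR MASK] METHOD) and the later
# layout with a USER column by taking the first auth-method keyword found
# from field 3 onward. A role literally named like a method (e.g. "trust")
# in the USER column would also be reported, which errs on the safe side.
trust_lines() {
    awk '
    BEGIN {
        n = split("trust reject md5 password crypt ident krb4 krb5 pam peer scram-sha-256", m, " ")
        for (i = 1; i <= n; i++) method[m[i]] = 1
    }
    {
        sub(/#.*/, "")               # drop comments
        if (NF < 3) next             # blank or incomplete line
        for (i = 3; i <= NF; i++) {
            if ($i in method) {      # first method keyword decides
                if ($i == "trust") { $1 = $1; print NR ": " $0 }
                next
            }
        }
    }' "$1"
}

# Constructed sample input (not taken from the poster's system).
sample_hba() {
    cat <<'EOF'
# TYPE  DATABASE  [USER]  [ADDRESS MASK]  METHOD
local   all                                     trust      # 7.2-style
host    all       127.0.0.1  255.255.255.255    ident sameuser
local   all       all                           md5
host    all       all  192.0.2.0/24             trust
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_hba > "$tmp"
trust_lines "$tmp"
rm -f "$tmp"
```

On a real system, call `trust_lines /etc/postgresql/pg_hba.conf` (the path quoted in the message above) after the upgrade finishes; empty output means no entry uses trust.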

