Home > mailing lists

Why are absolute paths considered a security risk? - Mailing list pgsql-general

From	Hadley Willan
Subject	Why are absolute paths considered a security risk?
Date	February 25, 2003 21:42:26
Msg-id	1046214948.1595.0.camel@atlas.sol.deeper.co.nz Whole thread Raw
Responses	Re: Why are absolute paths considered a security risk? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

The documentation (7.2.1) mentions that allowing absolute paths when
creating a db is a security risk and is off by default.

However, it seems fairly hard to exploit, and I was wondering if anybody
has any examples of how much of a risk this is?

Reason I ask is we're considering turning them on in our server and want
to consider these risks.

Thank You.
--
Hadley Willan > Systems Development > Deeper Design Limited. +64(7)377-3328
hadley.willan@deeperdesign.co.nz > www.deeperdesign.com > +64(21)-28-41-463
Level 1, 4 Tamamutu St, PO Box 90, TAUPO 2730, New Zealand.

pgsql-general by date:

From: Neil Conway
Date: 25 February 2003, 21:41:45
Subject: Re: Can postgresql be run in memory (like a memory resi

From: Doug McNaught
Date: 25 February 2003, 21:49:27
Subject: Re: Compilation errors?

Why are absolute paths considered a security risk? - Mailing list pgsql-general

Previous

Next