Home > mailing lists

Re: Thoughts on the location of configuration files - Mailing list pgsql-hackers

From	Lamar Owen
Subject	Re: Thoughts on the location of configuration files
Date	December 19, 2001 04:22:47
Msg-id	200112190613.BAA28925@www.wgcr.org Whole thread Raw
In response to	Re: Thoughts on the location of configuration files (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Wednesday 19 December 2001 01:09 am, Tom Lane wrote:
> Lamar Owen <lamar.owen@wgcr.org> writes:
> >> Seems to me that someone who thinks the executables should be root-owned
> >> is likely to think the same of the config files.

> > Sorry to disappoint you :-)....
> > However, IMHO, for best security, the executables do need to be root
> > owned.

> his exploit by overwriting the executables with malicious code.  If the
> config files can be overwritten by the postgres user, then you still
> have an avenue for an attacker to expand his privileges.  Example: he
> can trivially become postgres superuser after altering pg_hba.conf.

This much is true.  Hmmm. More thought required.
-- 
Lamar Owen
WGCR Internet Radio
1 Peter 4:11

pgsql-hackers by date:

From: Bruce Momjian
Date: 19 December 2001, 04:10:45
Subject: Re: Thoughts on the location of configuration files

From: Lamar Owen
Date: 19 December 2001, 04:40:12
Subject: Re: Thoughts on the location of configuration files

Re: Thoughts on the location of configuration files - Mailing list pgsql-hackers

Previous

Next