On Tuesday 30 July 2002 07:10 am, Curt Sampson wrote:
> BTW, you mention in another message that environment variables work
> well for you. Well, they are a security problem waiting to happen,
> IMHO. Do you have any objections to having a file containing a list
> of the various data directories? Maybe we could put the log directory
> in it, too, and have PGDATA point to that file, so we'd need only one
> environment variable? (And then we'd have a more obviously accessible
> list of where everything is, as well.)

$PGDATA/postgresql.conf just needs extending in this direction. There is a
patch to do most of this already -- just not the WAL stuff. Due to the heat
it generated the last time, and the fact that we were in beta at the time,
the author of that patch left the list.

Now, let me make the statement that the environment in this case is not likely
to be a security issue any worse than having the stuff in postgresql.conf, as
any attacker that can poison the postmaster environment can probably poison
postgresql.conf. Such poisoning isn't an issue here, as postmaster is just
going to gripe about the WAL files being missing, or it's going to create new
ones. Since postmaster doesn't run as root, it can't be used to overwrite
system files, the typical target for environment poisoning.

You might want to see about reading the archives -- even though I know they
tend to be broken whenever you want to search them. The idea you mention has
not only been brought up, but has been thoroughly discussed at length, and a
patch exists for the majority of the locations in question, just not WAL. I
have some of the discussion locally archived, but not the original patch.
Search on 'Explicit config patch'. Also see 'Thoughts on the location of
configuration files' and 'Explicit configuration file'.

Explaining what you mean by the potential security implications would be nice.

--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11