Tom Lane wrote:
> Stephan Szabo <sszabo@megazone.bigpanda.com> writes:
> > On Fri, 23 Jul 2004, Andreas Pflug wrote:
> >> What I'd like is
> >>
> >> SELECT pg_file_unlink('postgresql.conf.bak');
> >> SELECT pg_file_write('postgresql.conf.tmp', 'listen_addresses=...');
> >> SELECT pg_file_rename('postgresql.conf.tmp', 'postgresql.conf',
> >> 'postgresql.conf.bak');
> >> SELECT pg_reload_conf();
>
> > I personally don't think the above is the correct approach to allowing
> > configuration editing from remote.
>
> I'm pretty much against allowing configuration editing from remote
> altogether. It would raise the stakes tremendously in terms of what
> an attacker can do once they've acquired a connection with superuser
> rights. Remember that the above could be applied to pg_hba.conf,
> pg_ident.conf, etc just as well as postgresql.conf. Not to mention
> $HOME/.profile and other things the postgres user may own.
Why can't they just use COPY to replace the contents of pg_hba.conf now?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
