Lamar Owen wrote:
> The RPM installation makes the directory automatically -- owned by user
> postgres, mode 755. A two byte change in the spec file and rebuilding the
> RPM's will fix this to mode 700 from the packaging end. HOWEVER, if someone
> already has the RPM's, all they need to do is run, as root, 'chmod 0700
> /var/lib/pgsql' -- much quicker than a multimegabyte download of a new RPM set
> that contains no real fixes.
maybe no real fixes ... but the current state is that we have a
security hole more bigger than the crater of gorongoro.
I agreed on doing just a chmod, but lots of people wouldn't do that,
then you have to provide a smooth migration path in the next release,
changing pgdata from 755 (created with the rpm) to 700.
> Now, if a sloppy admin goes in and changes things after the installation, that
> is their own problem.
yup, but it was not me who chmod'ed 755 /var/lib/pgsql nor
chmod'ed 666 pg_pwd, leaving all passwords in clear to all
users on the system, not me ...
--
-= Sergio A. Kessler == http://sak.org.ar =-
You can have it soon, cheap and working; choose *two*.
