Home > mailing lists

Re: Security implications of config-file-location patch - Mailing list pgsql-hackers

From	Zeugswetter Andreas DAZ SD
Subject	Re: Security implications of config-file-location patch
Date	October 8, 2004 15:38:04
Msg-id	46C15C39FEB2C44BA555E356FBCD6FA40184D1D7@m0114.s-mxs.net Whole thread Raw
In response to	Security implications of config-file-location patch (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Security implications of config-file-location patch
List	pgsql-hackers

Tree view

> > If they are using tablespaces is it OK that anyone can see their
> > location?
>
> Good point.  Should we obscure pg_tablespace similarly to
> what we do for pg_shadow?

Hmm, I can not see how a person with file access could not easily find the
file for a specific table without pg_tablespace anyway (since oid names will
be quite unique). Without file access, what malicious act is he going to do
with that info ?

I think hiding that info would not really be safer, thus not worth it.

Andreas

pgsql-hackers by date:

From: Oleg Bartunov
Date: 08 October 2004, 14:10:22
Subject: Re: plans for bitmap indexes?

From: Euler Taveira de Oliveira
Date: 08 October 2004, 17:25:53
Subject: Re: initdb crash

Re: Security implications of config-file-location patch - Mailing list pgsql-hackers

Previous

Next