Re: [PATCH] pg_autovacuum commandline password hiding. - Mailing list pgsql-patches

From Tom Lane
Subject Re: [PATCH] pg_autovacuum commandline password hiding.
Date
Msg-id 7998.1116992194@sss.pgh.pa.us
Whole thread Raw
In response to Re: [PATCH] pg_autovacuum commandline password hiding.  (Neil Conway <neilc@samurai.com>)
Responses Re: [PATCH] pg_autovacuum commandline password hiding.
List pgsql-patches
Neil Conway <neilc@samurai.com> writes:
> Tom Lane wrote:
>> I don't offhand know of any Unix platforms where they cannot be found
>> out

> I don't know which platforms it is secure/insecure on, but I can
> certainly imagine secure systems where ps(1) data in general is viewed
> as sensitive and thus not made globally visible.

It's imaginable, but can you point to any real examples?  The historical
tradition is that command-line parameters are visible, and therefore
Unix programs are invariably designed to not expose security information
on the command line, and therefore there is no security motivation to
hide command lines.  It's a tight little cause-and-effect loop.

Unfortunately, pg_autovacuum didn't get the word, and so we are creating
an opportunity for people to shoot themselves in the foot.  I think
that's a bug to be fixed.

> I don't think there is sufficient justification for removing this
> feature and breaking users of a stable release series.

"Breaking" obviously-insecure usages is exactly the intention.

            regards, tom lane

pgsql-patches by date:

Previous
From: "Qingqing Zhou"
Date:
Subject: Re: fix a bogus line in dynahash.c
Next
From: Neil Conway
Date:
Subject: Re: [PATCH] pg_autovacuum commandline password hiding.