On Tue, Apr 3, 2012 at 11:12 PM, Greg Stark <stark@mit.edu> wrote:
> On Wed, Apr 4, 2012 at 1:19 AM, Dave Page <dpage@pgadmin.org> wrote:
>> then, we're talking about making parts of the filesystem
>> world-writeable so it doesn't even matter if the user is running as an
>> admin for a trojan or some other nasty to attack the system.
>
> The argument is that a trojan or other nasty doesn't *need* to be
> admin to attack the system since it can just attack the user's account
> since that's where all the interesting data is anyways.

Isn't that what I said?

> But again, this is all beside the point. It's a judgement for Apple
> and Microsoft and individual administrators to make. We can't really
> start reconfiguring people's systems to use a different security model
> than they expect just because they've installed a database software --
> even if we think our security model makes more sense than the one
> they're used to.

Exactly - which is why I was objecting to recommending a distribution
of PostgreSQL that came in a packaging system that we were told
changed /usr/local to be world writeable to avoid the use/annoyance of
the standard security measures on the platform.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company