Re: Switching to Homebrew as recommended Mac install? - Mailing list pgsql-hackers

From Dave Page
Subject Re: Switching to Homebrew as recommended Mac install?
Date
Msg-id CA+OCxoyMfhdm8OKFKOXSew5s9_MWO=h0JB+WxYszOygZp_o4-w@mail.gmail.com
Whole thread Raw
In response to Re: Switching to Homebrew as recommended Mac install?  (Greg Stark <stark@mit.edu>)
Responses Re: Switching to Homebrew as recommended Mac install?
List pgsql-hackers
On Tue, Apr 3, 2012 at 11:12 PM, Greg Stark <stark@mit.edu> wrote:
> On Wed, Apr 4, 2012 at 1:19 AM, Dave Page <dpage@pgadmin.org> wrote:
>> then, we're talking about making parts of the filesystem
>> world-writeable so it doesn't even matter if the user is running as an
>> admin for a trojan or some other nasty to attack the system.
>
> The argument is that a trojan or other nasty doesn't *need* to be
> admin to attack the system since it can just attack the user's account
> since that's where all the interesting data is anyways.

Isn't that what I said?

> But again, this is all beside the point. It's a judgement for Apple
> and Microsoft and individual administrators to make. We can't really
> start reconfiguring people's systems to use a different security model
> than they expect just because they've installed a database software --
> even if we think our security model makes more sense than the one
> their used to.

Exactly - which is why I was objecting to recommending a distribution
of PostgreSQL that came in a packaging system that we were told
changed /usr/local to be world writeable to avoid the use/annoyance of
the standard security measures on the platform.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


pgsql-hackers by date:

Previous
From: Shigeru HANADA
Date:
Subject: Re: pgsql_fdw, FDW for PostgreSQL server
Next
From: Joachim Wieland
Date:
Subject: Re: parallel pg_dump