Re: Providing catalog view to pg_hba.conf file - Patch submission - Mailing list pgsql-hackers

From Pavel Stehule
Subject Re: Providing catalog view to pg_hba.conf file - Patch submission
Date
Msg-id CAFj8pRAC4m45eCupqBLG9T4o393DviFb8fcE45BPVDDmdp=LOg@mail.gmail.com
In response to Re: Providing catalog view to pg_hba.conf file - Patch submission  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers


2015-02-28 2:40 GMT+01:00 Tom Lane <tgl@sss.pgh.pa.us>:
> Stephen Frost <sfrost@snowman.net> writes:
> > I understand that there may be objections to that on the basis that it's
> > work that's (other than for this case) basically useless,
>
> Got it in one.
>
> I'm also not terribly happy about leaving security-relevant data sitting
> around in backend memory 100% of the time.  We have had bugs that exposed
> backend memory contents for reading without also granting the ability to
> execute arbitrary code, so I think doing this does represent a
> quantifiable decrease in the security of pg_hba.conf.

Stephen's proposal changes nothing in security. These data are in memory now. The only difference is that these data will be fresh.

Regards

Pavel
 

>                         regards, tom lane
