Thread: Installation permissions

Installation permissions

From
Michael Richards
Date:
Hi.
For some time I've been staring at the installation procedure and shaking
my head. It looks to me like someone took the rule of least privilege to an
extreme. Although I believe it is important to be able to install postgres
if you do not have root access, I think this represents a minority of
users.

I think most SA's would prefer to be able to make;make install and have
postgres install itself and set the permission rather than su'ing to the
postgres user and building/installing that way. Am I the only one who
thinks that the install procedure is more complex than it needs to be?

Also, I've noted the permissions of the installed binaries as a potential
security risk. A small one, but still... Suppose a user found a buffer
overrun in postgres (I don't think this would be too hard to do) they
could gain access to the postgres account and use that to trojan the
postgres binaries. The solution would of course be to install the binaries
owned by root. I normally do this manually, but I think it should be an
install thing.

If people think these two ideas are good ones, I can easily come up with
patches for the install.

-Michael



Re: [HACKERS] Installation permissions

From
Tom Lane
Date:
Michael Richards <miker@scifair.acadiau.ca> writes:
> I think most SA's would prefer to be able to make;make install and have
> postgres install itself and set the permission rather than su'ing to the
> postgres user and building/installing that way. Am I the only one who
> thinks that the install procedure is more complex than it needs to be?

We've been around on that a couple of times.  I'm of the opinion that
having the install procedure contain hardwired assumptions about how to
set the ownership of the installed files will make life more complex,
not simpler.  In particular I do not think it would be an improvement
if the install *had* to be done as root; but on a lot of systems chown
requires root privs.  Removing one "su" step for yourself is not worth
making installation much more difficult for people who are not in the
same situation you are.

> Also, I've noted the permissions of the installed binaries as a potential
> security risk. A small one, but still... Suppose a user found a buffer
> overrun in postgres (I don't think this would be too hard to do) they
> could gain access to the postgres account and use that to trojan the
> postgres binaries. The solution would of course be to install the binaries
> owned by root. I normally do this manually, but I think it should be an
> install thing.

Waste of time, as long as postgres is an unprivileged user.  What you're
saying is that once someone has broken into the postgres account, they
can hack the postgres binaries to do anything that postgres can do.
But they can *already* do anything that postgres can do.

And, again, if install insists on doing things that way then it will
fail when not run as root.
        regards, tom lane
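The scenario both messages turn on is binaries that the database service account can rewrite. The following added audit (not from the thread or from PostgreSQL) lists such files under an install prefix; `service_writable` and `demo` are hypothetical names, and the demo uses a constructed prefix owned by the invoking user so it runs without root.

```shell
#!/bin/sh
# Added example, not code from the thread or from PostgreSQL.
#
# service_writable PREFIX USER
#   Prints every regular file under PREFIX/bin that USER could modify:
#   - files owned by USER, regardless of mode (the owner can always chmod
#     u+w back, so a 0555 mode alone is not protection), or
#   - files writable by everyone (o+w).
# Files owned by a different account (e.g. root) with mode 0755 are not
# listed; that is the layout proposed above, and setting it up needs root.
service_writable() {
    prefix=$1
    user=$2
    find "$prefix/bin" -type f \( -user "$user" -o -perm -o+w \) | sort
}

# Demo on a constructed prefix owned by the invoking user, who stands in
# for the service account here.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    printf '#!/bin/sh\n' > "$tmp/bin/postgres"
    printf '#!/bin/sh\n' > "$tmp/bin/psql"
    chmod 0755 "$tmp/bin/postgres"
    chmod 0555 "$tmp/bin/psql"   # read-only mode, same owner: still flagged
    echo "Files the service account could replace under $tmp:"
    service_writable "$tmp" "$(id -un)"
    rm -rf "$tmp"
}

demo
```

Run it as the service account against the real prefix to see what that account could tamper with; an empty listing means the binaries are out of its reach.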