Why are absolute paths considered a security risk?

From: Hadley Willan <hadley(dot)willan(at)deeperdesign(dot)co(dot)nz>
To: Postgresql General <pgsql-general(at)postgresql(dot)org>
Subject: Why are absolute paths considered a security risk?
Date: 2003-02-25 23:15:48
Message-ID: 1046214948.1595.0.camel@atlas.sol.deeper.co.nz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

The documentation (7.2.1) mentions that allowing absolute paths when
creating a db is a security risk and is off by default.

However, it seems fairly hard to exploit, and I was wondering if anybody
has any examples of how much of a risk this is?

Reason I ask is we're considering turning them on in our server and want
to consider these risks.

Thank You.
--
Hadley Willan > Systems Development > Deeper Design Limited. +64(7)377-3328
hadley(dot)willan(at)deeperdesign(dot)co(dot)nz > www.deeperdesign.com > +64(21)-28-41-463
Level 1, 4 Tamamutu St, PO Box 90, TAUPO 2730, New Zealand.

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Neil Conway 2003-02-25 23:15:53 Re: Can postgresql be run in memory (like a memory resi
Previous Message Stephan Szabo 2003-02-25 23:11:07 Re: Compilation errors?