Re: WAL file location

From: Andrew Sullivan <andrew(at)libertyrms(dot)info>
To: PostgreSQL Hackers List <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: WAL file location
Date: 2002-07-30 18:19:46
Message-ID: 20020730141946.F16703@mail.libertyrms.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jul 30, 2002 at 02:05:57PM -0400, Tom Lane wrote:
>
> If we add more environment-variable-dependent mechanisms to allow more
> different things to be done, we increase substantially the odds of
> creating an exploitable security hole.

Ok, true enough, but I'm not sure that a config file or any other
such mechanism is any safer. As Lamar Owen said, anyone who can
poison the postgres user's environment can likely do evil things to
postgresql.conf as well. Still, environment variables _are_ a
notorious weak point for crackers.

As I said, I don't much care how it is implemented, but I think
_that_ it is implemented is important, at least for our (Liberty's)
uses. If the only way it's going to be done is to accept a potential
security risk, maybe the answer is to allow the security risk, but
set by default to off.

A

--
----
Andrew Sullivan 87 Mowat Avenue
Liberty RMS Toronto, Ontario Canada
<andrew(at)libertyrms(dot)info> M6K 3E3
+1 416 646 3304 x110

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Marc G. Fournier 2002-07-30 18:20:11 Re: Virus Emails
Previous Message Sander Steffann 2002-07-30 18:18:49 Re: Password sub-process ...