From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
Cc: | Curt Sampson <cjs(at)cynic(dot)net>, Andrew Sullivan <andrew(at)libertyrms(dot)info>, Thomas Lockhart <lockhart(at)fourpalms(dot)org>, PostgreSQL Hackers List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: WAL file location |
Date: | 2002-07-31 03:51:38 |
Message-ID: | 24400.1028087498@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
>> Ah. See, we already have a failure in a security analysis here. This
>> command:
>> CREATE DATABASE foo WITH LOCATION = 'BAR'
>> uses a string that's in the environment.
> And requires you to be a database superuser anyway.
CREATE DATABASE does not require superuser privs, only createdb
which is not usually considered particular dangerous.
Whether you think that there is a potentially-exploitable security hole
here is not really the issue. The point is that two different arguments
have been advanced against using environment variables for configuration
(if you weren't counting, (1) possible security issues now or in the
future and (2) lack of consistency between manual and boot-script
startup), while zero (as in 0, nil, nada) arguments have been advanced
in favor of using environment variables instead of configuration files.
I do not see why we are debating the negative when there is absolutely
no case on the positive side.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Yuva Chandolu | 2002-07-31 03:53:06 | Outer join differences |
Previous Message | Bruce Momjian | 2002-07-31 03:50:38 | Open 7.3 items |