Re: Security implications of config-file-location patch

From: "Zeugswetter Andreas DAZ SD" <ZeugswetterA(at)spardat(dot)at>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Andrew Dunstan" <andrew(at)dunslane(dot)net>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Security implications of config-file-location patch
Date: 2004-10-08 11:36:52
Message-ID: 46C15C39FEB2C44BA555E356FBCD6FA40184D1D7@m0114.s-mxs.net
Lists: pgsql-hackers


> > If they are using tablespaces is it OK that anyone can see their
> > location?
>
> Good point. Should we obscure pg_tablespace similarly to
> what we do for pg_shadow?

Hmm, I cannot see how a person with file access could not easily find the
file for a specific table without pg_tablespace anyway (since oid names will
be quite unique). Without file access, what malicious act is he going to do
with that info?

I think hiding that info would not really be safer, thus not worth it.

Andreas
