From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at> |
Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: What are best practices wrt passwords? |
Date: | 2024-10-16 22:03:15 |
Message-ID: | 483067.1729116195@sss.pgh.pa.us |
Lists: | pgsql-general |

"Peter J. Holzer" <hjp-pgsql(at)hjp(dot)at> writes:
> On Linux, unprivileged users can only see the environment of their own
> processes since a *very* long time ago. Possibly even before Ubuntu even
> existed. So I'm somewhat sceptical about that. Some other Unixes were
> more permissive. I don't know what camp MacOS falls into.

I poked at that on current macOS (Sequoia). The rule for unprivileged
users seems to be the same as on Linux: you can see the environment
variables of processes belonging to you. What is really interesting
is that "sudo ps auxwwe" and "ps auxwwe" have the same results: you
can still see only your own processes' environment variables. The
sole exception when I tried it was that under sudo the root-owned "ps"
command showed its own environment variables, which is pretty bizarre.
Looks like the test is not actually on the reported process ownership
but some inherited property.

To confuse matters even more, another machine that's running Sequoia
but with SIP turned off acts more like Linux: "sudo ps auxwwe" shows
environment variables for everything. So Apple's marching to their
own drummer as usual, but it doesn't look like there's any case where
they are more permissive than the Linux rule. I'm still not convinced
about whether all *BSD flavors match that, though.

regards, tom lane