| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: pg_settings.sourcefile patch is a security breach |
| Date: | 2008-09-21 18:38:44 |
| Message-ID: | 48D694B4.3010504@hagander.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> We go to some lengths to prevent non-superusers from examining
> data_directory and other values that would tell them exactly where the
> PG data directory is in the server's filesystem. The recently applied
> patch to expose full pathnames of GUC variables' source files blows a
> hole a mile wide in that.
>
> Possible answers: don't show the path, only the file name; or
> show sourcefile/sourceline as NULL to non-superusers.
My vote goes for showing it as NULL to non-superusers. If we remove the
path, that makes it pretty darn useless for admin tools - which was the
main reason it was added in the first place..
And "showing full path for superuser, just filename for non-superusers"
just seems to be way too ugly to consider :-)
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitry Koterov | 2008-09-21 18:49:56 | Re: Foreign key constraint for array-field? |
| Previous Message | Tom Lane | 2008-09-21 18:25:08 | pg_settings.sourcefile patch is a security breach |