Re: Potential Security Issue: Permissions in PgAdmin Installation Directory

From: Qasim Tahir <qasimtahir(dot)qt1(at)gmail(dot)com>
To: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>
Cc: Dave Page <dpage(at)pgadmin(dot)org>, Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
Date: 2024-06-12 11:07:58
Message-ID: CAG=GPUMsvseog8th_52PdprR0hyOYHVzzt+Nae=KrgpXYcVKOg@mail.gmail.com
Lists: pgadmin-hackers

Yes, it worked.

Thanks for your support

Regards
Qasim

On Wed, Jun 12, 2024 at 10:10 AM Khushboo Vashi <
khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:

> Hello,
>
> We have fixed this issue, you can test our nightly builds to verify the
> fix.
> To test the nightly build, follow the instructions given here:
> https://www.postgresql.org/ftp/pgadmin/pgadmin4/snapshots/2024-06-12/apt/
>
> Thanks,
> Khushboo
>
> On Mon, Jun 10, 2024 at 3:18 PM Qasim Tahir <qasimtahir(dot)qt1(at)gmail(dot)com>
> wrote:
>
>> Hi Everyone,
>>
>> Any update regarding the issue?
>>
>> Thanks
>> Qasim
>>
>> On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi <
>> khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:
>>
>>>
>>>
>>> On Sat, Jun 1, 2024 at 8:34 PM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>
>>>> Akshay, could you or one of the team look into this please?
>>>>
>>> I am looking into this issue
>>>
>>>>
>>>> Thanks.
>>>>
>>>> On Fri, 31 May 2024 at 23:27, Qasim Tahir <qasimtahir(dot)qt1(at)gmail(dot)com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> Platform and package details are below
>>>>>
>>>>> Platform: *Rocky 8.9*
>>>>> *pgadmin version: 8.7*
>>>>>
>>>>> Regards
>>>>> Qasim
>>>>>
>>>>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <qasimtahir(dot)qt1(at)gmail(dot)com>
>>>>>> wrote:
>>>>>>
>>>>>>> Dear PgAdmin Community,
>>>>>>>
>>>>>>> I am writing to report a potential security issue with the
>>>>>>> permissions set in the PgAdmin installation directory.
>>>>>>>
>>>>>>> After installing PgAdmin, I observed that several directories,
>>>>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>>>>> details of the directory permissions:
>>>>>>> [image: image.png]
>>>>>>>
>>>>>>> Given the broad access provided by 775 permissions, there is a
>>>>>>> concern about the potential for unauthorized access or modifications.
>>>>>>>
>>>>>>>
>>>>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>>>>> operation or if they could be tightened to enhance security.
>>>>>>>
>>>>>>> Your guidance on this matter would be greatly appreciated.
>>>>>>>
>>>>>>> Thank you for your attention to this issue.
>>>>>>>
>>>>>>
>>>>>> What platform and package is this exactly?
>>>>>>
>>>>>> --
>>>>>> Dave Page
>>>>>> pgAdmin: https://www.pgadmin.org
>>>>>> PostgreSQL: https://www.postgresql.org
>>>>>> EDB: https://www.enterprisedb.com
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> Dave Page
>>>> pgAdmin: https://www.pgadmin.org
>>>> PostgreSQL: https://www.postgresql.org
>>>> EDB: https://www.enterprisedb.com
>>>>
>>>>
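
A post-install check for the condition reported in this thread (directories such as 'bin', 'venv' and 'web' left at 775), as an added example that is not part of the original emails or of pgAdmin's packaging. The function names and the sample tree are constructed for illustration, GNU find is assumed (as shipped on Rocky Linux), and the install directory is passed as an argument because the thread does not state its path.

```shell
#!/bin/sh
# Added example: audit an installation tree for group- or world-writable
# entries. Usage (path is a placeholder): audit_install_dir /path/to/install

# Print "MODE OWNER:GROUP PATH" for every directory or regular file under $1
# whose mode has the group-write or other-write bit set (775, 664, 777, ...).
# Symlinks are skipped because their own mode bits are not meaningful.
list_loose_perms() {
    # -perm /022 (GNU find): match if ANY of g+w or o+w is set.
    find "$1" \( -type d -o -type f \) -perm /022 \
        -printf '%m %u:%g %p\n' | sort -k3
}

# Number of loose entries under $1; 0 means the tree is clean.
count_loose_perms() {
    list_loose_perms "$1" | wc -l | tr -d ' '
}

# Exit-status wrapper for CI or post-install verification:
#   0 = nothing group/world-writable, 1 = findings listed, 2 = bad argument.
audit_install_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    n=$(count_loose_perms "$1")
    if [ "$n" -eq 0 ]; then
        echo "OK: no group- or world-writable entries under $1"
        return 0
    fi
    echo "FAIL: $n group- or world-writable entries under $1:"
    # The OWNER:GROUP column shows which group gains write access.
    list_loose_perms "$1"
    return 1
}

# Constructed sample tree mirroring the report: bin, venv and web at 775,
# with the root and one other directory at 755 for contrast.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/bin" "$t/venv" "$t/web" "$t/docs"
    chmod 775 "$t/bin" "$t/venv" "$t/web"
    chmod 755 "$t" "$t/docs"
    echo "$t"
}
```

Running `audit_install_dir` against the installed tree before and after upgrading to a fixed build shows whether the 775 entries are gone.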
