| From: | Steve Atkins <steve(at)blighty(dot)com> |
|---|---|
| To: | pgsql general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Replacing MD5 hash in pg_auth... |
| Date: | 2006-04-15 03:25:32 |
| Message-ID: | DB042D64-ECD0-4F89-985D-B800DCB82D0D@blighty.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:
> Hello,
>
> Is it correct to assume that if a user has write permission to
> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash
> can be
> replaced with one of a known origin in order to own the DB?
Probably. It'd be much easier to edit pg_hba.conf, though.
If anyone other than postgres has read permission, let alone write
permission, to /usr/local/pgsql/data or equivalent, or anywhere
underneath
there, you're on very shaky security grounds.
>
> I do practice as noted in the Win FAQ, just want to make sure I am not
> missing something:
>
> "If you are running PostgreSQL on a multi-user system, you should
> remove
> the permissions from all non-administrative users from the PostgreSQL
> directories. No user ever needs permissions on the PostgreSQL files -
> all communication is done through the libpq connection. Direct
> access to
> data files can lead to information disclosure or system instability!"
As in "We 0wn3rz y0uz database".
Cheers,
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-04-15 04:15:01 | Re: Replacing MD5 hash in pg_auth... |
| Previous Message | Peter van der Maas | 2006-04-15 01:47:09 | Replacing MD5 hash in pg_auth... |