Re: WAL file location
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Lamar Owen <lamar.owen@wgcr.org>
Cc: Curt Sampson <cjs@cynic.net>, Andrew Sullivan <andrew@libertyrms.info>, Thomas Lockhart <lockhart@fourpalms.org>, PostgreSQL Hackers List <pgsql-hackers@postgresql.org>
Date: 2002-07-31T03:51:38Z
Lists: pgsql-hackers
Lamar Owen <lamar.owen@wgcr.org> writes: >> Ah. See, we already have a failure in a security analysis here. This >> command: >> CREATE DATABASE foo WITH LOCATION = 'BAR' >> uses a string that's in the environment. > And requires you to be a database superuser anyway. CREATE DATABASE does not require superuser privs, only createdb which is not usually considered particular dangerous. Whether you think that there is a potentially-exploitable security hole here is not really the issue. The point is that two different arguments have been advanced against using environment variables for configuration (if you weren't counting, (1) possible security issues now or in the future and (2) lack of consistency between manual and boot-script startup), while zero (as in 0, nil, nada) arguments have been advanced in favor of using environment variables instead of configuration files. I do not see why we are debating the negative when there is absolutely no case on the positive side. regards, tom lane