Re: Thoughts on the location of configuration files
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Lamar Owen <lamar.owen@wgcr.org>
Cc: Peter Eisentraut <peter_e@gmx.net>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2001-12-19T06:09:15Z
Lists: pgsql-hackers
Lamar Owen <lamar.owen@wgcr.org> writes: >> Seems to me that someone who thinks the executables should be root-owned >> is likely to think the same of the config files. > Sorry to disappoint you :-). > ... > However, IMHO, for best security, the executables do need to be root owned. Or at least not owned/writable by the postgres user. Sure, that seems like a good idea for a high-security installation. But I always thought the motivation for that rule was to prevent someone who'd gained some control of the program (eg via a buffer-overrun exploit) from expanding his exploit by overwriting the executables with malicious code. If the config files can be overwritten by the postgres user, then you still have an avenue for an attacker to expand his privileges. Example: he can trivially become postgres superuser after altering pg_hba.conf. regards, tom lane