Re: Potential Security Issue: Permissions in PgAdmin Installation Directory

From Usman Khan
Subject Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
Msg-id CANVC+RF0m_YhGwfdCQP1nPoriDWaX_+Juphe=koHQiKRt2QvzQ@mail.gmail.com
In reply to Re: Potential Security Issue: Permissions in PgAdmin Installation Directory  (Dave Page <dpage@pgadmin.org>)
List pgadmin-hackers


On Sat, Jun 1, 2024 at 3:09 AM Dave Page <dpage@pgadmin.org> wrote:
> Hi
>
> On Thu, 30 May 2024 at 23:17, Qasim Tahir <qasimtahir.qt1@gmail.com> wrote:
>> Dear PgAdmin Community,
>>
>> I am writing to report a potential security issue with the permissions set in the PgAdmin installation directory.
>>
>> After installing PgAdmin, I observed that several directories, including 'bin', 'venv', and 'web', have 775 permissions. Here are the details of the directory permissions: [image.png]
>>
>> Given the broad access provided by 775 permissions, there is a concern about the potential for unauthorized access or modifications.
>>
>> I would like to ask if these permissions are necessary for PgAdmin's operation or if they could be tightened to enhance security.
>>
>> Your guidance on this matter would be greatly appreciated.
>>
>> Thank you for your attention to this issue.
>
> What platform and package is this exactly?

FYI - this behaviour is reproducible on Ubuntu 22.04 and Rocky 8.9 with the latest installers for me.

Ubuntu 22.04

[image.png]

Rocky 8.9 - installed through guidance on this link https://www.pgadmin.org/download/pgadmin-4-rpm/

[image.png]
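
Added example, not part of the original messages and not pgAdmin code: a read-only check that lists the directories under an installation root that are writable by group or others, with their owner and group, since what a 775 mode actually permits depends on who is in the owning group. The function names and the demo tree are constructed for illustration, and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only audit: changes nothing on disk.
# Assumption: stat supports -c with %a %U %G %n (GNU coreutils or BusyBox).

# audit_writable_dirs ROOT
# Prints "<mode> <owner>:<group> <verdict> <path>" for every directory under
# ROOT whose mode lets the group or others create, rename or delete entries.
audit_writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) \
        -exec stat -c '%a %U %G %n' {} + |
    while read -r mode owner group path; do
        case $mode in
            *[2367])  verdict=others-writable ;;  # last octal digit has the w bit
            *[2367]?) verdict=group-writable ;;   # group octal digit has the w bit
            *)        continue ;;
        esac
        printf '%s %s:%s %s %s\n' "$mode" "$owner" "$group" "$verdict" "$path"
    done
}

# demo_tree: builds a constructed tree that reuses the directory names from
# the thread and prints its path. These are not pgAdmin's real install paths.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/venv" "$d/web"
    chmod 775 "$d/bin" "$d/web"   # the mode reported in the thread
    chmod 755 "$d/venv"           # comparison: no group write
    printf '%s\n' "$d"
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_writable_dirs "$1"
fi
```

A `group-writable` line means that every member of the listed group can add or replace files in that directory, so the group name in the second column is the thing to review.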



