Обсуждение: pgsql-server/src/interfaces/libpq fe-connect.c
pgsql-server/src/interfaces/libpq fe-connect.c
От
momjian@postgresql.org (Bruce Momjian - CVS)
Дата:
CVSROOT: /cvsroot
Module name: pgsql-server
Changes by: momjian@postgresql.org 02/08/29 19:06:32
Modified files:
src/interfaces/libpq: fe-connect.c
Log message:
> > > > If you want to put in security restrictions that are actually useful,
> > > > where is the code to verify that PGPASSWORDFILE points at a
> > > > non-world-readable file? That needs to be there now, not later, or
> > > > we'll have people moaning about backward compatibility when we finally
> > > > do plug that hole.
Alvaro Herrera
Does this patch also check that it's not world-writable? Chris > -----Original Message----- > From: pgsql-committers-owner@postgresql.org > [mailto:pgsql-committers-owner@postgresql.org]On Behalf Of Bruce Momjian > - CVS > Sent: Friday, 30 August 2002 7:07 AM > To: pgsql-committers@postgresql.org > Subject: [COMMITTERS] pgsql-server/src/interfaces/libpq fe-connect.c > > > CVSROOT: /cvsroot > Module name: pgsql-server > Changes by: momjian@postgresql.org 02/08/29 19:06:32 > > Modified files: > src/interfaces/libpq: fe-connect.c > > Log message: > > > > > If you want to put in security restrictions that > are actually useful, > > > > > where is the code to verify that PGPASSWORDFILE points at a > > > > > non-world-readable file? That needs to be there > now, not later, or > > > > > we'll have people moaning about backward > compatibility when we finally > > > > > do plug that hole. > > Alvaro Herrera > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html >
En Fri, 30 Aug 2002 10:15:02 +0800 "Christopher Kings-Lynne" <chriskl@familyhealth.com.au> escribió: > Does this patch also check that it's not world-writable? Yes (S_IRWXG | S_IRWXO). What it doesn't check is that the directory it lives in is also not world- or group-writable, or that it is a regular file. I'm doing CLUSTER ALL right now and will attack REINDEX ALL later, so feel free to do anything you like with this... -- Alvaro Herrera (<alvherre[a]atentus.com>) "Everybody understands Mickey Mouse. Few understand Hermann Hesse. Hardly anybody understands Einstein. And nobody understands Emperor Norton."
Alvaro Herrera wrote: > En Fri, 30 Aug 2002 10:15:02 +0800 > "Christopher Kings-Lynne" <chriskl@familyhealth.com.au> escribi?: > > > Does this patch also check that it's not world-writable? > > Yes (S_IRWXG | S_IRWXO). > > What it doesn't check is that the directory it lives in is also not > world- or group-writable, or that it is a regular file. I think the existing checks are enough. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073