Re: How to revoke privileged from PostgreSQL's superuser
| От | Bruce Momjian |
|---|---|
| Тема | Re: How to revoke privileged from PostgreSQL's superuser |
| Дата | |
| Msg-id | 20180815192838.GA5005@momjian.us обсуждение исходный текст |
| Ответ на | Re: How to revoke privileged from PostgreSQL's superuser (Evan Rempel <erempel@uvic.ca>) |
| Ответы |
Re: How to revoke privileged from PostgreSQL's superuser
|
| Список | pgsql-admin |
On Wed, Aug 15, 2018 at 09:05:51AM -0700, Evan Rempel wrote: > At the end of the day someone has full access and control and can do anything without auditing database statements. > > For instance, as the root user on the server, I can do: > > - shutdown the server database > - copy the entire DB filespace to my workstation > - change the workstation config for no logging/auditing > - start the workstation Database > - make all the changes I want at the workstation. > - stop the workstation database > - copy all of the files back to the server > - start the server Database. > > no logging of any kind and all of the data would be suspect. Well, that is an intersting attack, and I don't think it requires root --- all it requires is access to the Postgres data directory. Frankly, I don't know if there is a way to prevent the Postgres superuser from silently disabling logging because the _data_ is fully under the control of the Postgres superuser. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
В списке pgsql-admin по дате отправления: