Re: Why does Postgres need the /bin/sh?
| От | Tom Lane |
|---|---|
| Тема | Re: Why does Postgres need the /bin/sh? |
| Дата | |
| Msg-id | 24454.1020483424@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Why does Postgres need the /bin/sh? (Stephen Amadei <amadei@dandy.net>) |
| Ответы |
Re: Why does Postgres need the /bin/sh?
|
| Список | pgsql-bugs |
Stephen Amadei <amadei@dandy.net> writes:
> Hey guys... second post of the day. If you read my last post about
> Postgres 7.2.1 segfaulting on Slackware 8.0, you noted I am trying to
> chroot Postgres. Unfortunately, my chrooted postgres cannot create
> databases due to a 'system' call, which runs '/bin/sh'.
Ah.
> While, IMHO, the safest way to do this would be to code the cp and rm code
> internally, I have patched my copy to do a fork and execl to call the cp
> and rm programs directly (and placed /bin/cp and /bin/rm in the chroot
> jail) as a quick fix... I feel it gives a bit more security.
Why? If you are launching daemon processes with insecure directories
in their $PATH, who are you gonna blame but yourself?
I don't really see an advantage to reinventing the cp and rm wheels
here...
regards, tom lane
В списке pgsql-bugs по дате отправления: