Re: [INTERFACES] pg_pwd

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: [INTERFACES] pg_pwd
Дата
Msg-id 3766.943051402@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: [INTERFACES] pg_pwd  ("Sergio A. Kessler" <ser@perio.unlp.edu.ar>)
Ответы Re: [INTERFACES] pg_pwd
Список pgsql-interfaces
"Sergio A. Kessler" <ser@perio.unlp.edu.ar> writes:
>> See doc/TODO.detail/pg_shadow.

> where ? can you post an absolute url ?

Sorry, I forgot that the TODO.detail files are not in the 6.5.*
distribution (they got added to the CVS repository since 6.5).
I'm not sure if they are available separately at the website (Bruce?).
I know you could get them by downloading a current snapshot...

>>>> and why is world =writable & readable= ?
>>>> (hey, everybody, wanna know my passwd ?)
>> 
>> It's not really a security hole because it lives inside a directory
>> that's mode 700 (unless you tampered with the default permissions
>> setup). 

> in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
> can you spell "2_KM_DIAMETER_HOLE" ?

In a standard setup, pg_pwd is inside .../pgsql/data which is mode 700.
Have the RH guys really blown it this badly?  (Lamar?)
        regards, tom lane


В списке pgsql-interfaces по дате отправления:

Предыдущее
От: "Sergio A. Kessler"
Дата:
Сообщение: Re: [INTERFACES] pg_pwd
Следующее
От: Mads Pultz
Дата:
Сообщение: JDBC compliancy question