Re: [INTERFACES] pg_pwd

"Sergio A. Kessler" <ser@perio.unlp.edu.ar> writes:
>> See doc/TODO.detail/pg_shadow.

> where ? can you post an absolute url ?

Sorry, I forgot that the TODO.detail files are not in the 6.5.*
distribution (they got added to the CVS repository since 6.5).
I'm not sure if they are available separately at the website (Bruce?).
I know you could get them by downloading a current snapshot...

>>>> and why is world =writable & readable= ?
>>>> (hey, everybody, wanna know my passwd ?)
>> 
>> It's not really a security hole because it lives inside a directory
>> that's mode 700 (unless you tampered with the default permissions
>> setup). 

> in rh6.1 /var/lib/pgsql is 755 (and no, I haven't changed anything)
> can you spell "2_KM_DIAMETER_HOLE" ?

In a standard setup, pg_pwd is inside .../pgsql/data which is mode 700.
Have the RH guys really blown it this badly?  (Lamar?)
        regards, tom lane