Re: [INTERFACES] pg_pwd

Lamar Owen wrote:

> The RPM installation makes the directory automatically -- owned by user
> postgres, mode 755.  A two byte change in the spec file and rebuilding the
> RPM's will fix this  to mode 700 from the packaging end.  HOWEVER, if someone
> already has the RPM's, all they need to do is run, as root, 'chmod 0700
> /var/lib/pgsql' -- much quicker than a multimegabyte download of a new RPM set
> that contains no real fixes.

maybe no real fixes ... but the current state is that we have a 
security hole more bigger than the crater of gorongoro.

I agreed on doing just a chmod, but lots of people wouldn't do that, 
then you have to provide a smooth migration path in the next release, 
changing pgdata from 755 (created with the rpm) to 700.

> Now, if a sloppy admin goes in and changes things after the installation, that
> is their own problem.

yup, but it was not me who chmod'ed 755 /var/lib/pgsql nor 
chmod'ed 666 pg_pwd, leaving all passwords in clear to all
users on the system, not me ...


-- 
-=  Sergio A. Kessler     ==    http://sak.org.ar  =-
You can have it soon, cheap and working; choose *two*.