Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me
| От | Andrew Dunstan |
|---|---|
| Тема | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
| Дата | |
| Msg-id | 52E70919.60600@dunslane.net обсуждение исходный текст |
| Ответ на | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: pgsql: Keep pg_stat_statements' query texts in a
file, not in shared me
|
| Список | pgsql-committers |
On 01/27/2014 08:23 PM, Tom Lane wrote: > Peter Geoghegan <pg@heroku.com> writes: >> On Mon, Jan 27, 2014 at 5:12 PM, KONDO Mitsumasa >> <kondo.mitsumasa@lab.ntt.co.jp> wrote: >>> This patch has security problem that root can easily see the statement file >>> in database cluster. >> By default, we always serialize statements along with their query >> texts to disk on shutdown. Until May of 2012, pg_stat_statements >> didn't bother unlinking on startup, and so the file with query texts >> was always on the PGDATA filesystem. What's the difference? > Root can certainly also look at query texts in shared memory, or for that > matter in the local memory of any process. So can anybody else running as > the postgres userid. > > Also, current query texts are probably less interesting to an intruder > than the contents of the database itself, which is stored in the same > directory tree with the same permissions (0600) as the query-text file. > > So I'm failing to detect any incremental increase in risk here. Anybody > who can read that file can already do pretty much whatever he wants with > either the server processes or the database contents. > > The query texts are particularly uninteresting since I assume the data values in the query have already been mostly dissolved away by pg_stat_statements. cheers andrew
В списке pgsql-committers по дате отправления: