Re: Replacing MD5 hash in pg_auth...
From | Steve Atkins |
---|---|
Subject | Re: Replacing MD5 hash in pg_auth... |
Date | |
Msg-id | DB042D64-ECD0-4F89-985D-B800DCB82D0D@blighty.com |
In response to | Replacing MD5 hash in pg_auth... ("Peter van der Maas" <peter@abitogroup.com>) |
Responses | Re: Replacing MD5 hash in pg_auth... |
List | pgsql-general |

On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:

> Hello,
>
> Is it correct to assume that if a user has write permission to
> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
> replaced with one of a known origin in order to own the DB?

Probably. It'd be much easier to edit pg_hba.conf, though.

If anyone other than postgres has read permission, let alone write permission, to /usr/local/pgsql/data or equivalent, or anywhere underneath there, you're on very shaky security grounds.

> I do practice as noted in the Win FAQ, just want to make sure I am not
> missing something:
>
> "If you are running PostgreSQL on a multi-user system, you should remove
> the permissions from all non-administrative users from the PostgreSQL
> directories. No user ever needs permissions on the PostgreSQL files -
> all communication is done through the libpq connection. Direct access to
> data files can lead to information disclosure or system instability!"

As in "We 0wn3rz y0uz database".

Cheers,
Steve
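
The permission rule stated in the reply above, turned into a check for a Unix-like host; this is an added example, not part of the original message or of PostgreSQL. The function name `audit_pgdata` is hypothetical, and the service account is assumed to be `postgres` unless another owner is passed.

```shell
#!/bin/sh
# Added example: list anything under a PostgreSQL data directory that an
# account other than the service account could read or modify.
# Usage: audit_pgdata DIR [OWNER]   (OWNER: user name or numeric uid)
# Prints "<reason> <path>" per finding.
# Returns 0 if clean, 1 if there are findings, 2 if DIR could not be inspected.
audit_pgdata() {
    dir=$1
    owner=${2:-postgres}    # assumption: default service account name
    if [ ! -d "$dir" ]; then
        echo "audit_pgdata: not a directory: $dir" >&2
        return 2
    fi
    # Symlinks are skipped: their own mode bits are not meaningful.
    # find fails if OWNER is unknown or a subdirectory is unreadable.
    wrong_owner=$(find "$dir" ! -type l ! -user "$owner" -print) || return 2
    # Any group or other permission bit (read, write or execute) is a finding.
    loose_mode=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 \
        -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) -print) \
        || return 2
    if [ -n "$wrong_owner" ]; then
        printf '%s\n' "$wrong_owner" | sed 's/^/not-owned-by-owner /'
    fi
    if [ -n "$loose_mode" ]; then
        printf '%s\n' "$loose_mode" | sed 's/^/group-or-other-access /'
    fi
    [ -z "$wrong_owner$loose_mode" ]
}
```

Run it as root or as the service account, for example `audit_pgdata /usr/local/pgsql/data`, so that every subdirectory can be read.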