In my logic, we have the PGDATA environment variable for the server only so
the server can find the /data directory.  After that, everything should
be in /data.  I see no reason to make it an environment variable.

In fact, a file in /data should be able to track the xlog directory a
lot better than an environment variable will.


---------------------------------------------------------------------------

Tom Lane wrote:
> Andrew Sullivan <[EMAIL PROTECTED]> writes:
> > On Tue, Jul 30, 2002 at 02:05:57PM -0400, Tom Lane wrote:
> >> If we add more environment-variable-dependent mechanisms to allow more
> >> different things to be done, we increase substantially the odds of
> >> creating an exploitable security hole.
> 
> > Ok, true enough, but I'm not sure that a config file or any other
> > such mechanism is any safer.  As Lamar Owen said, anyone who can
> > poison the postgres user's environment can likely do evil things to
> > postgresql.conf as well.
> 
> Who said anything about poisoning the environment?  My point was that
> there will be strings in the environment that were put there perfectly
> legitimately, but could still serve as an attack vehicle.
> 
> The weakness of the existing database-locations-are-environment-variables
> feature is really that the attacker gets to choose which environment
> variable gets used, and so he can use a variable intended to serve
> purpose A for some other purpose B.  If A and B are sufficiently
> different then you got trouble --- and since we are talking about a
> purpose B that involves writing on something, there's definitely a risk.
> 
> A mechanism based only on a fixed environment variable name doesn't
> create the sort of threat I'm contemplating.  For example, if the
> postmaster always and only looked at $PGXLOG to find the xlog then
> you'd not have this type of risk.  But Thomas said he was basing the
> feature on database locations, and in the absence of seeing the code
> I don't know if he's creating a security hole or not.
> 
>                       regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  [EMAIL PROTECTED]               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
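
Added example, not part of the original messages and not PostgreSQL code: a C sketch of the distinction drawn in the quoted text between a lookup where the requester chooses the environment variable and one that reads only a fixed name such as $PGXLOG. The function names, the `demo_env` array and its paths are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the server's environment: every entry was put
 * there legitimately, none by an attacker. Paths are sample values. */
static const char *const demo_env[] = {
    "HOME=/home/postgres",
    "TMPDIR=/tmp",
    "PGDATA=/var/lib/pgsql/data",
    "PGXLOG=/mnt/wal/pg_xlog",
    NULL
};

/* Look up NAME in a NULL-terminated "NAME=value" array (like environ). */
const char *env_lookup(const char *const env[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i] + n + 1;
    return NULL;
}

/* Risky shape (hypothetical): the requester picks the variable, so a value
 * meant for purpose A (HOME) gets reused for purpose B (a write location). */
const char *location_by_requested_var(const char *const env[],
                                      const char *requested)
{
    return env_lookup(env, requested);
}

/* Fixed-name shape (hypothetical): the code, not the requester, decides
 * which variable is read; the value must also be an absolute path. */
const char *xlog_location_fixed(const char *const env[])
{
    const char *dir = env_lookup(env, "PGXLOG");
    return (dir != NULL && dir[0] == '/') ? dir : NULL;
}

int main(void)
{
    const char *r = location_by_requested_var(demo_env, "HOME");
    const char *x = xlog_location_fixed(demo_env);
    printf("requester-chosen HOME -> %s\n", r ? r : "(none)");
    printf("fixed PGXLOG          -> %s\n", x ? x : "(none)");
    return 0;
}
```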
