On Tue, Apr 3, 2012 at 7:48 PM, Josh Berkus <j...@agliodbs.com> wrote:
> On 4/3/12 5:22 AM, Robert Haas wrote:
>> On Mon, Apr 2, 2012 at 5:23 AM, Dave Page <dp...@pgadmin.org> wrote:
>>> If homebrew intentionally creates a hole like that, then for as long
>>> as I'm one of the PostgreSQL webmasters it will *never* be listed on
>>> our download pages.
> I don't agree. Listed with a warning, sure.  But it should be listed.

That's fine - you don't have to agree with me :-).

> Consider that OSX is pretty much purely a desktop platform (if you're
> using OSX on the server, security is the least of your problems).  As
> such, it doesn't have the same security concerns which server platforms
> have.

Can I interest you in a move to Windows XP, pre security shake-up?
It'll be pretty darn snappy on modern hardware!

Having the ability for users to write files to system locations was
one of the major reasons why Windows got into such problems. The only
difference with this situation is that instead of users running with
admin privileges as often (but not always) happened on Windows back
then, we're talking about making parts of the filesystem
world-writeable so it doesn't even matter if the user is running as an
admin for a trojan or some other nasty to attack the system.

That said, Jay has told me he was wrong about the world-writeable
thing anyway. Apparently Homebrew fixed that last year.

Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to