On Tue, Apr 3, 2012 at 11:12 PM, Greg Stark <st...@mit.edu> wrote: > On Wed, Apr 4, 2012 at 1:19 AM, Dave Page <dp...@pgadmin.org> wrote: >> then, we're talking about making parts of the filesystem >> world-writeable so it doesn't even matter if the user is running as an >> admin for a trojan or some other nasty to attack the system. > > The argument is that a trojan or other nasty doesn't *need* to be > admin to attack the system since it can just attack the user's account > since that's where all the interesting data is anyways.
Isn't that what I said? > But again, this is all beside the point. It's a judgement for Apple > and Microsoft and individual administrators to make. We can't really > start reconfiguring people's systems to use a different security model > than they expect just because they've installed a database software -- > even if we think our security model makes more sense than the one > their used to. Exactly - which is why I was objecting to recommending a distribution of PostgreSQL that came in a packaging system that we were told changed /usr/local to be world writeable to avoid the use/annoyance of the standard security measures on the platform. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
