On Thu, Apr 25, 2013 at 8:24 AM, Peter Eisentraut <pete...@gmx.net> wrote: > On 4/25/13 12:09 AM, Tom Lane wrote: >> I think we need it fixed to reject any stats_temp_directory that is not >> postgres-owned with restrictive permissions. The problem here is not >> with what it deletes, it's with the insanely insecure configuration. > > Yeah, the requirements should be similar to what initdb requires for > PGDATA and pg_xlog.
Is this a blocker for 9.3? If it is a concern of not what is deleted but rather that someone can inject a poisoned stats file into the directory, does it need to be back-patched all the way, as that could be done before the split patch? Cheers, Jeff -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
