Andres Freund <> writes:
> ... We don't prevent the user from making the
> configuration file world-writable either,

Maybe we should.  It wasn't an issue originally, because the config files
were necessarily inside $PGDATA which we restrict permissions on.  But
these days you can place the config files in places where untrustworthy
people could get at them.

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to