Tom Lane wrote: > Bruce Momjian <[EMAIL PROTECTED]> writes: > > Thinking we have security because they can't guess > > pgdata seems like security through obscurity to me. > > Sure, but it's still a useful roadblock to throw in an attacker's way. > > I spent many years doing computer security stuff, and one thing I > learned is that the more layers of security you can have, the better. > You don't put all your faith in any one roadblock; you erect a series > of them that an attacker will have to break through all of. If some > of 'em are a little porous, that doesn't make 'em useless. > > In today's context, I think the main point of requiring an attacker > to guess $PGDATA is that it helps avoid the "software monoculture" > syndrome. If someone did manage to write a Postgres-based virus that > involved an exploit in this area, it could only spread to machines > that had the $PGDATA value the virus writer was expecting.
As a super-user, could an attacker load a server-side language and access the backend environment variable PGDATA. Also look at this: test=> CREATE FUNCTION "xxx_call_handler" () RETURNS language_handler AS '$libdir/pltcl' LANGUAGE C; ERROR: could not find function "xxx_call_handler" in file "/usr/var/local/postgres/lib/pltcl.so" Notice the expansion of "$libdir". -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html