Tom Lane wrote:
Neil Conway <[EMAIL PROTECTED]> writes:
I don't know which platforms it is secure/insecure on, but I can certainly imagine secure systems where ps(1) data in general is viewed as sensitive and thus not made globally visible.



It's imaginable, but can you point to any real examples?

FreeBSD's MAC (security.mac.seeotheruids.enabled sysctl) and the Openwall Linux kernel patch are the first examples I found, but I didn't spend long searching.

I don't think there is sufficient justification for removing this feature and breaking users of a stable release series.

"Breaking" obviously-insecure usages is exactly the intention.

But it's not "obviously-insecure". In some situations it is perfectly secure (or security isn't important), but there are better alternatives (e.g. using trust authentication, as you suggest).

-Neil

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
     joining column's datatypes do not match

Reply via email to