Goulet, Dick wrote:
Doug,

OK, assume that the binaries are installed under root, but a
hacker cracks Postgres, what is to stop him/her from trashing all of the
database files in the first place? They're not owned by root. Installing
malware, whether it's actual code or destroying/defacing files, causes
similar if not identical problems. At least they're restricted to the
postgres user. And in my book the executables are of zero value whereas
the data files, and their contained data, are of infinite value. So
under your scheme we're protecting the least valuable part of the
system at the expense of the most valuable.

The root user cannot own postgres data files. The main superuser, which can be any user except root (uid 0), is who owns the data files, which is determined at the runtime of initdb.

Sincerely,

Joshua D. Drake





Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-----Original Message-----
From: Doug Quale [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 11:56 AM
To: PostgreSQL Admin
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root" Debate!


"Goulet, Dick" <[EMAIL PROTECTED]> writes:


to Postgres install as well.  I as the DBA should be able to install,
upgrade, etc the software without access to the root account.  Simply
put the fewer people who know the root password the fewer who can
destroy the system and the fewer who have to be told when the password
changes.  And the fewer people who know anything, the more secure it
is.

This analysis is incomplete.  Under this scheme, if someone cracks
your account they can install trojaned or malicious executables owned
by you without cracking root.  The flaw is in believing that this
scheme requires an intruder to crack two accounts to defeat your
security.  In fact, you have doubled the number of targets but left
the amount of work required of the bad guys to compromise your system
the same (crack one account).

Put all your eggs in one basket, and WATCH THAT BASKET.

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faqs/FAQ.html

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly


--
Command Prompt, Inc., your source for PostgreSQL replication,
professional support, programming, managed services, shared
and dedicated hosting. Home of the Open Source Projects plPHP,
plPerlNG, pgManage,  and pgPHPtoolkit.
Contact us now at: +1-503-667-4564 - http://www.commandprompt.com
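
Both sides of the debate above turn on which account can modify which files. As an added example (not code from this thread or from PostgreSQL), the Python script below reports whether the account that owns the data directory can also modify the installed executables or the directories holding them; the function names and the caller-supplied group list `gids` are assumptions made for the example.

```python
import os
import stat
import sys

def can_write(st, uid, gids=()):
    """True if the account (uid, gids) can modify the object described by st."""
    if uid == 0 or st.st_uid == uid:
        return True  # root ignores mode bits; an owner can always chmod the bit back
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(bin_dir, data_dir, gids=()):
    """Return a list of findings; an empty list means binaries and data are separated."""
    data_uid = os.stat(data_dir).st_uid
    if data_uid == 0:
        # Matches the point made in the reply: root (uid 0) must not own the data files.
        return [f"{data_dir}: owned by root (uid 0)"]
    findings = []
    for root, _dirs, files in os.walk(bin_dir):
        # A writable directory allows replacing the files in it, so check it too.
        for path in [root] + [os.path.join(root, f) for f in files]:
            if os.path.islink(path):
                continue  # symlink mode bits are not meaningful; the target is checked if it lives under bin_dir
            if can_write(os.stat(path), data_uid, gids):
                findings.append(f"{path}: writable by data owner uid {data_uid}")
    return findings

if __name__ == "__main__":
    # Usage: python audit.py BIN_DIR DATA_DIR  (both paths are supplied by the operator)
    for line in audit(sys.argv[1], sys.argv[2]):
        print(line)
```

With root-owned binaries and a separate data owner the list is empty; when one unprivileged account owns both, every executable is listed, which is the case Doug Quale's message describes.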

