"Goulet, Dick" <[EMAIL PROTECTED]> writes:

> OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place? They're not owned by root. Installing
> malware, whether it's actual code or destroying/defacing files causes
> similar if not identical problems. At least they're restricted to the
> postgres user. And in my book the executables are of zero value whereas
> the data files, and their contained data, are of infinite value. So
> under your scheme we're protecting the least valuable part of the
> system at the expense of the most valuable.

OK, suppose that I follow your suggestion. Assume that the binaries are installed under postgres, but a hacker cracks postgres. What is to stop him/her from trashing all the database files in the first place? (Nothing.) How is this different than the traditional installation where the binaries are owned by root? (It isn't, it's exactly the same.)

The answer to your question doesn't provide any distinction between the traditional installation and the installation you prefer. The risks to the data are identical either way, but the risk of a trojan is less for a traditional installation than for your installation.

Malware isn't restricted to the postgres user if any postgres binary is ever invoked by any user other than postgres. This might happen with psql, for example. Even if it were restricted to the postgres user, malware might still be used to collect unencrypted passwords. This problem is not identical to the dangers faced by losing data. It's data loss plus an extra worry.

I agree that data security is a much bigger concern than the threat of trojaned Postgresql binaries. You are wrong, however, to think that you gain any security by having Postgresql binaries owned by a user other than root. It can be convenient to install without requiring root authority, but this convenience comes at a cost. This cost is small enough so that you may be comfortable paying it, but you should at least correctly understand the tradeoffs involved.
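
As an added example (not part of the original message or of PostgreSQL): a shell check for the property argued for above, namely that the account the server runs as cannot modify the installed executables. The function name audit_bin_dir and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit who can modify the server's executables.
# usage: audit_bin_dir DIR SERVICE_USER    (user name or numeric uid)
#   e.g. audit_bin_dir /usr/local/pgsql/bin postgres   (assumed path)
# Prints every path under DIR that the service account could alter.
# Returns 0 if the tree is clean, 1 if anything was found, 2 on error.
audit_bin_dir() {
    dir=$1
    svc=$2
    if [ ! -d "$dir" ] || [ -z "$svc" ]; then
        echo "usage: audit_bin_dir DIR SERVICE_USER" >&2
        return 2
    fi
    # A binary can be replaced if the service account owns it, if it is
    # group- or world-writable, or if the directory holding it is (find
    # starts at DIR, so the directory itself is tested as well).
    # Group-writable is flagged conservatively, whatever the group is.
    # Symlinks are skipped: their mode bits are not meaningful.
    findings=$(find "$dir" ! -type l \
        \( -user "$svc" -o -perm -020 -o -perm -002 \) -print) || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A clean result says nothing about the data directory, which the server account must own in either installation style.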