On Thu, 2005-01-13 at 15:13, Uwe C. Schroeder wrote:
> On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> > Doug,
> >
> > 	OK, Assume that the binaries are installed under root, but a
> > hacker cracks PostGres, what is to stop him/her from trashing all of the
> > database files in the first place?  They're not owned by root.  Installing
> > malware, whether it's actual code or destroying/defacing files causes
> > similar if not identical problems.  At least they're restricted to the
> > postgres user.  And in my book the executables are of zero value whereas
> > the data files, and their contained data, are of infinite value.  So
> > under your scheme we're protecting the least valuable part of the
> > system at the expense of the most valuable.
>
> So where is the difference? If all executables AND the data is under the
> postgres account - an intruder hacking the postgres account would still be
> able to destroy your data.
> BTW: most commercial software needs root access to be installed - and be it
> just to create the user accounts. It doesn't really matter who owns the
> executables - if the account owning the files is hacked you're screwed
> anyways. When it comes to protecting the data which is the most important
> thing after all, replication and backup are your friends. For my larger
> customers I'm running replication to two offsite servers (one east-coast, one
> texas, just to make sure they're fine when the next earthquake hits) and I do
> backups every 8 hours - which are written to a tape and distributed to
> another set of offsite servers using rdist. So whatever happens the max they
> could ever possibly lose is 8 hours, except there is a full blown nuclear
> attack on the whole US - in which case nobody would care about the data
> anyways.

Like someone pointed out, it might be quite possible to install a
trojaned psql executable or some equivalent to harvest passwords, or
even a version that, when executed by root by accident (i.e. the sysadmin
forgets he's logged in as root and runs psql), then installs a root kit.

Also, it might make it easier for a hacker to cover his tracks if he can
write to the postgresql binaries.
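
The condition this thread argues about, whether an account other than root can modify or replace the PostgreSQL executables, can be audited mechanically. The script below is an added example and not part of the original messages; the function name `audit_bin_dir` and the default path `/usr/local/pgsql/bin` are assumptions, so pass your own installation's bin directory.

```python
import os
import stat


def audit_bin_dir(bin_dir, trusted_uids=frozenset({0})):
    """Return (path, problem) pairs for anything in bin_dir that an account
    outside trusted_uids could modify or replace."""
    findings = []
    # The directory counts too: write access to it allows renaming a
    # different file over a binary even if the binary itself is read-only.
    paths = [bin_dir] + sorted(
        os.path.join(bin_dir, name) for name in os.listdir(bin_dir))
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            # A symlink's own mode bits are meaningless; judge its target.
            try:
                st = os.stat(path)
            except FileNotFoundError:
                findings.append((path, "dangling symlink"))
                continue
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & stat.S_IWGRP:
            findings.append((path, f"writable by gid {st.st_gid}"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings


if __name__ == "__main__":
    import sys
    # Assumed default location; pass your installation's bin directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/pgsql/bin"
    for path, problem in audit_bin_dir(target):
        print(f"{path}: {problem}")
```

An empty result means only the trusted owner can change what runs when someone types `psql`; it says nothing about the data files, which the postgres account must be able to write in any layout.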