Sunday, September 21, 2008

Re: [HACKERS] pg_settings.sourcefile patch is a security breach

Tom Lane wrote:
> We go to some lengths to prevent non-superusers from examining
> data_directory and other values that would tell them exactly where the
> PG data directory is in the server's filesystem. The recently applied
> patch to expose full pathnames of GUC variables' source files blows a
> hole a mile wide in that.
> Possible answers: don't show the path, only the file name; or
> show sourcefile/sourceline as NULL to non-superusers.

My vote goes for showing it as NULL to non-superusers. If we remove the
path, that makes it pretty darn useless for admin tools - which was the
main reason it was added in the first place..

And "showing full path for superuser, just filename for non-superusers"
just seems to be way too ugly to consider :-)


Sent via pgsql-hackers mailing list (
To make changes to your subscription:

No comments: