Why is ALLOW_ABSOLUTE_DBPATHS unsafe?
The "Managing Databases" section of the Administrator's Guide says that
absolute DB paths introduce a security risk.
The CREATE DATABASE documentation says that there are security *AND* data
integrity issues involved with absolute DB paths.
Maybe I'm just not devious enough, but I can't figure out what the risks
are. Can anyone enlighten me?
Also, why are relative DB paths completely disallowed? I can see that you
would have to store the location relative to the cluster's path, but I must
be missing something here too. Thanks for any ideas.
-- Murphy
> Maybe I'm just not devious enough, but I can't figure out what the risks
> are. Can anyone enlighten me?
Security issues include allowing non-privileged users access to
uncontrolled areas of storage. A devious non-privileged user might be
able to execute privileged code or otherwise mess around with data.
Data integrity issues include having the DBA lose control over *where*
data in the database is actually located. If a user decides to configure
some tables under /tmp, the DBA will have no way of knowing and will
have no opportunity to help plan the data storage strategy for his
system.
> Also, why are relative DB paths completely disallowed? I can see that you
> would have to store the location relative to the cluster's path, but I must
> be missing something here too. Thanks for any ideas.
Same reasons as above.
Database designers and administrators tend to be a suspicious and
paranoid lot. If you don't start out that way, losing data the first
time will make you so ;)
hth
- Thomas
Thanks Thomas.
> > Maybe I'm just not devious enough, but I can't figure out what the risks
> > are. Can anyone enlighten me?
> Security issues include allowing non-privileged users access to
> uncontrolled areas of storage. A devious non-privileged user might be
> able to execute privileged code or otherwise mess around with data.
Oh, because the DBPATH directory and files will be created by and owned by
user postgres instead of the actual user, right?
> Data integrity issues include having the DBA lose control over *where*
> data in the database is actually located. If a user decides to configure
> some tables under /tmp, the DBA will have no way of knowing and will
> have no opportunity to help plan the data storage strategy for his
> system.
I'm not sure that's completely true, but maybe that's because I haven't
played with alternate locations enough. Can't you look at the dbpath column
in pg_database to find out where all databases are located? I realize that you
have to *know* to look there.
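As an added illustration of the DBA-control point discussed in this thread (not code from any of the posters or from PostgreSQL): a Python audit that takes (database name, location) pairs, such as those read from pg_database, and flags locations that are relative, that resolve outside storage the DBA has approved, or that are world-writable. The function name, the approved-roots list and the sample rows are assumptions constructed for the example, and POSIX paths are assumed.

```python
import os
import stat

def audit_db_paths(rows, approved_roots):
    """Map database name -> findings for locations a DBA should review.

    rows: (database name, location) pairs, e.g. as read from pg_database.
    approved_roots: directories the DBA has planned for database storage
    (an assumption of this example, not a PostgreSQL setting).
    """
    roots = [os.path.realpath(r) for r in approved_roots]
    report = {}
    for name, location in rows:
        if not os.path.isabs(location):
            # Meaning depends on the server's working directory.
            report[name] = ["relative path"]
            continue
        real = os.path.realpath(location)  # resolves symlinks and ".."
        findings = []
        if not any(os.path.commonpath([real, r]) == r for r in roots):
            findings.append("outside approved storage: " + real)
        try:
            if os.stat(real).st_mode & stat.S_IWOTH:
                findings.append("directory is world-writable")
        except OSError:
            findings.append("location does not exist")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    # Constructed sample rows; not taken from a real catalog.
    sample = [("sales", "/var/lib/pgsql/data"),
              ("scratch", "/tmp/mydb"),
              ("legacy", "../olddata")]
    for db, issues in audit_db_paths(sample, ["/var/lib/pgsql"]).items():
        print(db, issues)
```

Because the check runs on the resolved path, a symlink placed inside an approved directory but pointing elsewhere is reported under its real target.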