
Re: Replacing MD5 hash in pg_auth...

On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:

> Hello,
>
> Is it correct to assume that if a user has write permission to
> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
> replaced with one of a known origin in order to own the DB?

Probably. It'd be much easier to edit pg_hba.conf, though.

If anyone other than postgres has read permission, let alone write
permission, to /usr/local/pgsql/data or equivalent, or anywhere underneath
there, you're on very shaky security grounds.

> I do practice as noted in the Win FAQ, just want to make sure I am not
> missing something:
>
> "If you are running PostgreSQL on a multi-user system, you should remove
> the permissions from all non-administrative users from the PostgreSQL
> directories. No user ever needs permissions on the PostgreSQL files -
> all communication is done through the libpq connection. Direct access to
> data files can lead to information disclosure or system instability!"

As in "We 0wn3rz y0uz database".

Cheers,
  Steve
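
Added example, not part of the original message or of PostgreSQL: a Python audit that walks a Unix-style data directory such as the /usr/local/pgsql/data mentioned above and reports every entry that is not owned by the expected account or that grants any group/other permission. The function names and the sample tree are constructed for illustration; on Win32 the same question has to be asked of the NTFS ACLs instead of mode bits.

```python
import os
import stat
import tempfile


def audit_data_dir(data_dir, owner_uid):
    """Return (path, problem) pairs for entries someone other than the owner could reach."""
    findings = []

    def check(path):
        st = os.lstat(path)  # judge the entry itself, never follow symlinks
        if st.st_uid != owner_uid:
            findings.append((path, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        if stat.S_ISLNK(st.st_mode):
            return  # mode bits of a symlink carry no access meaning
        extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other bit at all
        if extra:
            findings.append((path, f"group/other bits set: {extra:03o}"))

    check(data_dir)  # the top directory matters as much as its contents
    for root, dirs, files in os.walk(data_dir):
        for name in dirs + files:
            check(os.path.join(root, name))
    return findings


def build_sample_tree():
    """Constructed sample: a tiny fake data directory with one over-permissive file."""
    base = tempfile.mkdtemp(prefix="pgdata-sample-")  # created with mode 0700
    os.mkdir(os.path.join(base, "global"))
    os.chmod(os.path.join(base, "global"), 0o700)
    samples = (("pg_hba.conf", 0o600), (os.path.join("global", "pg_auth"), 0o664))
    for rel, mode in samples:
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, mode)
    return base


if __name__ == "__main__":
    sample = build_sample_tree()
    for path, problem in audit_data_dir(sample, os.getuid()):
        print(path, "->", problem)
```

Against a real installation, pass the data directory path and the uid of the account the server runs as; an empty result means no entry under that directory is reachable by another local account through mode bits.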


