From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Peter Geoghegan <pg(at)heroku(dot)com>, KONDO Mitsumasa <kondo(dot)mitsumasa(at)lab(dot)ntt(dot)co(dot)jp>, pgsql-committers(at)postgresql(dot)org |
Subject: | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
Date: | 2014-01-28 01:34:17 |
Message-ID: | 52E70919.60600@dunslane.net |
Lists: | pgsql-committers pgsql-hackers |
On 01/27/2014 08:23 PM, Tom Lane wrote:
> Peter Geoghegan <pg(at)heroku(dot)com> writes:
>> On Mon, Jan 27, 2014 at 5:12 PM, KONDO Mitsumasa
>> <kondo(dot)mitsumasa(at)lab(dot)ntt(dot)co(dot)jp> wrote:
>>> This patch has security problem that root can easily see the statement file
>>> in database cluster.
>> By default, we always serialize statements along with their query
>> texts to disk on shutdown. Until May of 2012, pg_stat_statements
>> didn't bother unlinking on startup, and so the file with query texts
>> was always on the PGDATA filesystem. What's the difference?
> Root can certainly also look at query texts in shared memory, or for that
> matter in the local memory of any process. So can anybody else running as
> the postgres userid.
>
> Also, current query texts are probably less interesting to an intruder
> than the contents of the database itself, which is stored in the same
> directory tree with the same permissions (0600) as the query-text file.
>
> So I'm failing to detect any incremental increase in risk here. Anybody
> who can read that file can already do pretty much whatever he wants with
> either the server processes or the database contents.
>
>
The query texts are particularly uninteresting since I assume the data
values in the query have already been mostly dissolved away by
pg_stat_statements.
cheers
andrew
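Tom's argument above rests on one invariant: the query-text file carries the same mode (0600) as the heap files in the same tree, so nothing in it is reachable by anyone who could not already read the database. The script below is an added example, not code from this thread or from PostgreSQL itself; it audits a data directory for any entry that is wider than initdb's defaults (directories 0700, files 0600) and goes beyond the thread's single file by checking the whole tree. The demonstration tree, including the stand-in name `pg_stat_tmp/query_texts.stat`, is constructed here and is not the real file layout.

```shell
#!/bin/sh
# Added example (not from the thread or from PostgreSQL): list every file or
# directory under a data directory whose mode differs from initdb's defaults
# (files 0600, directories 0700). Any line printed is an entry that is more
# exposed than the relation files and therefore worth explaining.
find_loose_perms() {
    # $1: directory to audit (PGDATA, or the constructed stand-in below)
    find "$1" \( -type f ! -perm 0600 -print \) -o \( -type d ! -perm 0700 -print \) | sort
}

# Build a constructed stand-in for PGDATA: two tightly-permissioned files (a
# relation file and a query-text file) and one deliberately loose config file.
make_demo_tree() {
    d=$(mktemp -d)                                   # mktemp -d creates 0700
    mkdir -p "$d/base/1" "$d/pg_stat_tmp"
    chmod 0700 "$d/base" "$d/base/1" "$d/pg_stat_tmp"
    : > "$d/base/1/12345"                            # constructed relation file
    : > "$d/pg_stat_tmp/query_texts.stat"            # constructed query-text file
    chmod 0600 "$d/base/1/12345" "$d/pg_stat_tmp/query_texts.stat"
    : > "$d/postgresql.conf"
    chmod 0644 "$d/postgresql.conf"                  # wider than default: should be flagged
    printf '%s\n' "$d"
}

# Stand-alone run: audit the constructed tree and clean it up afterwards.
demo=$(make_demo_tree)
find_loose_perms "$demo"
rm -rf "$demo"
```

Run it against a real cluster with `find_loose_perms "$PGDATA"`; an empty result means the query-text file is no more readable than the tables are, which is exactly the equivalence the thread relies on.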
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2014-01-28 01:35:04 | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
Previous Message | Tom Lane | 2014-01-28 01:23:38 | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |