Change backend-side COPY to write files with permissions 644 not 666
(whoever thought world-writable files were a good default????). Modify the pg_pwd code so that pg_pwd is created with 600 permissions. Modify initdb so that permissions on a pre-existing PGDATA directory are not blindly accepted: if the dir is already there, it does chmod go-rwx to be sure that the permissions are OK and the dir actually is owned by postgres.
Showing
- src/backend/commands/copy.c 9 additions, 4 deletionssrc/backend/commands/copy.c
- src/backend/commands/user.c 22 additions, 13 deletionssrc/backend/commands/user.c
- src/backend/tcop/utility.c 6 additions, 2 deletionssrc/backend/tcop/utility.c
- src/bin/initdb/initdb.sh 9 additions, 1 deletionsrc/bin/initdb/initdb.sh
- src/include/commands/copy.h 3 additions, 3 deletionssrc/include/commands/copy.h
Loading
Please register or sign in to comment