Re: [HACKERS] pg_settings.sourcefile patch is a security breach

2008-09-23 Thread Magnus Hagander
Magnus Hagander wrote:
> Tom Lane wrote:
>> We go to some lengths to prevent non-superusers from examining
>> data_directory and other values that would tell them exactly where the
>> PG data directory is in the server's filesystem. The recently applied
>> patch to expose full pathnames of GUC var

Re: [HACKERS] pg_settings.sourcefile patch is a security breach

2008-09-21 Thread Magnus Hagander
Tom Lane wrote:
> We go to some lengths to prevent non-superusers from examining
> data_directory and other values that would tell them exactly where the
> PG data directory is in the server's filesystem. The recently applied
> patch to expose full pathnames of GUC variables' source files blows a

[HACKERS] pg_settings.sourcefile patch is a security breach

2008-09-21 Thread Tom Lane
We go to some lengths to prevent non-superusers from examining data_directory and other values that would tell them exactly where the PG data directory is in the server's filesystem. The recently applied patch to expose full pathnames of GUC variables' source files blows a hole a mile wide in that