oss-sec mailing list archives
Re: postgresql: pg_dump creates world-readable dump
From: Robert Scheck <robert () fedoraproject org>
Date: Sun, 7 Dec 2014 20:31:27 +0100
Hello Agostino,

On Sun, 07 Dec 2014, Agostino Sarubbo wrote:
> I just discovered that pg_dump creates the database dump with world readable permission (644 to be exact).

I think you got tricked by either umask or an existing file that was already created with other permissions before, because here it looks like this:

$ pg_dump --version
pg_dump (PostgreSQL) 9.3.5
$
$ umask 0022
$ pg_dump postgres > postgres1.sql
$ ls -l postgres1.sql
-rw-r--r--. 1 postgres postgres 902 Dec 7 20:17 postgres1.sql
$
$ umask 0077
$ umask 0077
$ pg_dump postgres > postgres2.sql
$ ls -l postgres2.sql
-rw-------. 1 postgres postgres 902 Dec 7 20:17 postgres2.sql
$

But:

$ touch postgres3.sql
$ chmod 644 postgres3.sql
$ pg_dump postgres > postgres3.sql
$ ls -l postgres3.sql
-rw-r--r--. 1 postgres postgres 902 Dec 7 20:17 postgres3.sql
$

> In my opinion it deserves a CVE.

I do not know exactly which behaviour you are seeing (and for which version of PostgreSQL), but the above seems absolutely fine to me.

Robert
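
Added example (not part of the message above and not PostgreSQL code): the three cases from the transcript, reproduced with a stand-in command in place of pg_dump so it runs without a database, plus a fourth case using a hypothetical write_private helper that yields a 0600 file regardless of the caller's umask or of an existing file's mode. The names mode_of, fake_dump, write_private and demo are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: file modes produced by shell redirection, using a stand-in
# producer instead of pg_dump. All names here are illustrative.

# Print the 10-character mode string of a file, e.g. -rw-r--r--
mode_of() { ls -ld "$1" | cut -c1-10; }

# Stand-in for "pg_dump postgres" (constructed sample output).
fake_dump() { printf '%s\n' '-- constructed sample dump' 'SELECT 1;'; }

# Hypothetical helper: write a command's output to OUTFILE with mode 0600,
# whatever the caller's umask and whatever mode an existing OUTFILE has.
# Usage: write_private OUTFILE COMMAND [ARGS...]
# The body is a subshell, so umask and trap do not leak into the caller.
write_private() (
    out=$1; shift
    umask 077
    # mktemp creates the file 0600, in the same directory so mv is a rename.
    tmp=$(mktemp "$(dirname "$out")/.dump.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    "$@" > "$tmp" || exit 1      # on failure the old OUTFILE is left untouched
    mv -f "$tmp" "$out"          # the rename replaces the old file and its mode
)

demo() {
    dir=$(mktemp -d) || return 1
    # Case 1: new file, umask 0022 -> 644
    ( umask 022; fake_dump > "$dir/case1.sql" )
    # Case 2: new file, umask 0077 -> 600
    ( umask 077; fake_dump > "$dir/case2.sql" )
    # Case 3: existing 644 file; redirection truncates it and keeps its mode
    ( umask 077; touch "$dir/case3.sql"; chmod 644 "$dir/case3.sql"
      fake_dump > "$dir/case3.sql" )
    # Case 4: existing 644 file and umask 0022, written through write_private
    touch "$dir/case4.sql"; chmod 644 "$dir/case4.sql"
    ( umask 022; write_private "$dir/case4.sql" fake_dump )
    for f in case1 case2 case3 case4; do
        echo "$f $(mode_of "$dir/$f.sql")"
    done
    rm -rf "$dir"
}

demo
```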