oss-sec mailing list archives
postgresql: pg_dump creates world-readable dump
From: Agostino Sarubbo <ago () gentoo org>
Date: Sun, 07 Dec 2014 16:49:47 +0100
Hello, I just discovered that pg_dump creates the database dump with world-readable permissions (644, to be exact). I informed upstream about it, and this was the response:

On Sunday 07 December 2014 10:34:19 Noah Misch wrote:
> You presumably have umask 0022. Like most programs, pg_dump does not constrain modes of files it creates; adjust your umask for that. A few programs do otherwise; for example, ssh-keygen specifically constrains the mode of new private key files. A database dump is not in such a special category, so pg_dump should continue to do the standard thing.

A local user is able to copy it and discover sensitive data. In my opinion it deserves a CVE.

-- 
Agostino Sarubbo
Gentoo Linux Developer
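The exchange above turns on one mechanism: the mode of the dump file is whatever the creating process's umask leaves, so a caller with umask 022 gets 0644 and a caller with umask 077 gets 0600. The following POSIX shell wrapper is an added example, not code from the thread or from PostgreSQL; it shows both outcomes side by side. It does not invoke pg_dump itself (any command that writes to stdout can be passed in its place, e.g. `dump_private /backup/db.sql pg_dump mydb`), and the function names, the subshell-scoped umask and the refusal to overwrite an existing file are my own choices.

```shell
#!/bin/sh
# Added example: create a dump file under a private umask so it lands as 0600
# rather than the 0644 that the common default umask 022 produces.

# Return the symbolic mode string of a file, e.g. "-rw-------" (POSIX ls output).
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Run "$@" with stdout redirected to $out, under umask $mask.
# The subshell keeps the umask change from leaking into the caller's shell.
# An existing file is refused: redirecting onto it would truncate it but keep
# its old (possibly world-readable) mode, so the umask would not help.
dump_with_umask() {
    mask=$1
    out=$2
    shift 2
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out: its mode would not change" >&2
        return 1
    fi
    ( umask "$mask" && "$@" > "$out" )
}

# Hardened variant: owner-only read/write (0600 for a regular file).
dump_private() {
    dump_with_umask 077 "$@"
}

# Reproduces the reporter's observation: default umask 022 yields 0644.
dump_default() {
    dump_with_umask 022 "$@"
}

# Demonstration with a constructed stand-in producer instead of pg_dump.
demo_dir=$(mktemp -d)
dump_private "$demo_dir/private.sql" printf 'constructed dump\n'
dump_default "$demo_dir/default.sql" printf 'constructed dump\n'
echo "umask 077: $(file_mode "$demo_dir/private.sql")"
echo "umask 022: $(file_mode "$demo_dir/default.sql")"
rm -rf "$demo_dir"
```

The subshell matters for interactive use: `umask 077` at the prompt would change every file the session creates afterwards, while the wrapper confines it to the dump. The existence check is the caveat a practitioner wants, since a rotated backup path that already exists as 0644 stays 0644 no matter what umask the new run uses.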