oss-sec mailing list archives

Re: postgresql: pg_dump creates world-readable dump


From: Robert Scheck <robert () fedoraproject org>
Date: Sun, 7 Dec 2014 20:31:27 +0100

Hello Agostino,

On Sun, 07 Dec 2014, Agostino Sarubbo wrote:
> I just discovered that pg_dump creates the database dump with world readable
> permission (644 to be exact).

I think you got tricked by either umask or an existing file that was
already created with other permissions before, because here it looks
like this:

$ pg_dump --version
pg_dump (PostgreSQL) 9.3.5
$

$ umask 
0022
$ pg_dump postgres > postgres1.sql
$ ls -l postgres1.sql
-rw-r--r--. 1 postgres postgres 902 Dec  7 20:17 postgres1.sql
$ 

$ umask 0077
$ umask 
0077
$ pg_dump postgres > postgres2.sql
$ ls -l postgres2.sql
-rw-------. 1 postgres postgres 902 Dec  7 20:17 postgres2.sql
$ 

But: 

$ touch postgres3.sql
$ chmod 644 postgres3.sql
$ pg_dump postgres > postgres3.sql
$ ls -l postgres3.sql
-rw-r--r--. 1 postgres postgres 902 Dec  7 20:17 postgres3.sql
$

> In my opinion it deserves a CVE.

I do not know which behaviour you are exactly seeing (and for which
version of PostgreSQL), but the above seems absolutely fine to me.

Robert
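The two effects Robert's transcript shows (the umask in force when the shell opens the output file decides its mode, and redirecting onto a file that already exists leaves that file's mode untouched) can be reproduced without PostgreSQL, because they are properties of the shell's `>` redirection and the `open(2)` it performs, not of pg_dump. The script below is an added example, not part of the original thread; `fake_pg_dump` is a constructed stand-in that prints a fixed line where the mail runs `pg_dump postgres`, and `safe_dump` is an assumed hardened wrapper, not a PostgreSQL feature.

```shell
#!/bin/sh
# Added example (not from the oss-sec thread): how umask and pre-existing files
# determine the mode of a dump written with "cmd > file".

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed stand-in for "pg_dump postgres": any command writing to stdout
# behaves the same way with respect to the output file's permissions.
fake_pg_dump() {
    printf 'constructed dump contents\n'
}

# The pattern from the mail: "pg_dump db > file" under a chosen umask.
# $1 = umask (e.g. 0022 or 0077), $2 = output path.
# Runs in a subshell so the umask change does not leak to the caller.
naive_dump() {
    ( umask "$1"; fake_pg_dump > "$2" )
}

# Assumed hardened wrapper: force a restrictive umask and never reuse an
# existing file, so the dump always ends up 0600 regardless of the caller's
# umask or whatever mode a leftover file had.
safe_dump() {
    (
        umask 077
        rm -f "$1"
        # noclobber: if a file reappears between rm and open, fail loudly
        # instead of silently writing into it with its old permissions.
        set -C
        fake_pg_dump > "$1"
    )
}

# Walk through the three cases from the transcript plus the hardened variant.
demo() {
    d=$(mktemp -d) || return 1
    naive_dump 0022 "$d/postgres1.sql"
    printf 'umask 0022, new file:        %s\n' "$(file_mode "$d/postgres1.sql")"
    naive_dump 0077 "$d/postgres2.sql"
    printf 'umask 0077, new file:        %s\n' "$(file_mode "$d/postgres2.sql")"
    touch "$d/postgres3.sql" && chmod 644 "$d/postgres3.sql"
    naive_dump 0077 "$d/postgres3.sql"
    printf 'umask 0077, existing 644:    %s\n' "$(file_mode "$d/postgres3.sql")"
    touch "$d/postgres4.sql" && chmod 644 "$d/postgres4.sql"
    safe_dump "$d/postgres4.sql"
    printf 'safe_dump over existing 644: %s\n' "$(file_mode "$d/postgres4.sql")"
    rm -rf "$d"
}

demo
```

The same applies when the file is created by `pg_dump -f`/`--file` rather than by the shell: the process umask still governs the mode of a newly created file, and an existing file keeps its mode, so the wrapper's "restrict umask, then create fresh" discipline is what matters, not which side opens the file.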
