Vulnerability

    PostgreSQL RPM's permission

Affected

    PostgreSQL

Description

    Lamar Owen found following.  He  as the maintainer of the RPM  set
    for PostgreSQL  made the  following announcement  about a security
    vulnerability in the RPM  installation of PostgreSQL available  to
    any local user  of the machine  running the 'postmaster'  process.
    This vulnerability only involves PostgreSQL connection  passwords.
    The  backend  process  creates  a  flat-file copy of the pg_shadow
    username  and  password  database  called  'pg_pwd'  --  due to an
    internal error this  file is created  mode '666'.   This in itself
    is not good -- but the  directory that this file resides in  is by
    default mode '700', so it is not in itself a hole (although it  is
    being fixed for version 7.0).

    HOWEVER,  the  RPM  distribution  up  to  version  6.5.3-1 had the
    directory  (/var/lib/pgsql)  in  a  highly  insecure  mode   '755'
    condition.

Solution

    The latest RPMS available at:

        http://www.ramifordistat.net/postgres

    fix this to mode '700'.  The quick fix is to

        chmod 700 /var/lib/pgsql

    If this chmod is not done, or the new RPM not installed, any local
    user is able to read  the pg_pwd file -- which  contains plaintext
    username/password pairs.