public inbox for [email protected]
Potential Security Issue: Permissions in PgAdmin Installation Directory
9+ messages / 4 participants
* Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Qasim Tahir @ 2024-05-31 06:17 UTC (permalink / raw)
To: pgadmin-hackers
Dear PgAdmin Community,
I am writing to report a potential security issue with the permissions set
in the PgAdmin installation directory.
After installing PgAdmin, I observed that several directories, including
'bin', 'venv', and 'web', have 775 permissions. Here are the details of the
directory permissions:
[image: image.png]
Given the broad access provided by 775 permissions, there is a concern
about the potential for unauthorized access or modifications.
I would like to ask if these permissions are necessary for PgAdmin's
operation or if they could be tightened to enhance security.
Your guidance on this matter would be greatly appreciated.
Thank you for your attention to this issue.
Best Regards,
Qasim Tahir
AGEDB
Attachments:
[image/png] image.png (23.8K, 3-image.png)
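Added example, not part of the original thread and not pgAdmin's own code: a shell check for the condition reported above, listing every directory or file under an install tree that is group- or world-writable (775 sets the group-write bit). It assumes GNU find (as on Rocky Linux and Ubuntu); the function names and the sample tree with 'bin', 'venv' and 'web' are constructed for illustration.

```shell
#!/bin/sh
# Audit a directory tree for group- or world-writable entries.
# Assumption: GNU findutils (-printf). All names below are hypothetical.

# Print "MODE OWNER:GROUP TYPE PATH" for each directory or regular file under $1
# whose mode has the group-write (020) or other-write (002) bit set.
# Symlinks are skipped: access is decided by the target's mode, not the link's.
list_writable() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) \
        -printf '%m %u:%g %y %p\n' | sort -k4
}

# Number of flagged entries under $1.
count_writable() {
    list_writable "$1" | wc -l | tr -d ' '
}

# Exit status: 0 = nothing flagged, 1 = findings printed, 2 = bad argument.
audit_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    audit_findings=$(list_writable "$1")
    if [ -n "$audit_findings" ]; then
        printf '%s\n' "$audit_findings"
        return 1
    fi
    return 0
}

# Build a constructed sample tree under $1 that mirrors the report:
# 'bin', 'venv' and 'web' at 775, everything else without group/other write.
make_sample_tree() {
    mkdir -p "$1/pgadmin4/bin" "$1/pgadmin4/venv" "$1/pgadmin4/web" "$1/pgadmin4/docs"
    : > "$1/pgadmin4/web/config.py"
    chmod 755 "$1/pgadmin4" "$1/pgadmin4/docs"
    chmod 775 "$1/pgadmin4/bin" "$1/pgadmin4/venv" "$1/pgadmin4/web"
    chmod 644 "$1/pgadmin4/web/config.py"
}

if [ "$#" -gt 0 ]; then
    # Real use: pass the installation directory as the only argument.
    audit_tree "$1"
else
    # No argument: run against the constructed sample tree, then clean up.
    demo_dir=$(mktemp -d)
    make_sample_tree "$demo_dir"
    audit_tree "$demo_dir/pgadmin4" ||
        echo "flagged entries: $(count_writable "$demo_dir/pgadmin4")"
    rm -rf "$demo_dir"
fi
```

How much a flagged 775 directory matters depends on which accounts belong to the owning group shown in the OWNER:GROUP column.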
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Dave Page @ 2024-05-31 22:09 UTC (permalink / raw)
To: Qasim Tahir <[email protected]>; +Cc: pgadmin-hackers
Hi
On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]> wrote:
> Dear PgAdmin Community,
>
> I am writing to report a potential security issue with the permissions set
> in the PgAdmin installation directory.
>
> After installing PgAdmin, I observed that several directories, including
> 'bin', 'venv', and 'web', have 775 permissions. Here are the details of the
> directory permissions:
> [image: image.png]
>
> Given the broad access provided by 775 permissions, there is a concern
> about the potential for unauthorized access or modifications.
>
>
> I would like to ask if these permissions are necessary for PgAdmin's
> operation or if they could be tightened to enhance security.
>
> Your guidance on this matter would be greatly appreciated.
>
> Thank you for your attention to this issue.
>
What platform and package is this exactly?
--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
EDB: https://www.enterprisedb.com
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Dave Page @ 2024-06-01 15:04 UTC (permalink / raw)
To: Qasim Tahir <[email protected]>; +Cc: Akshay Joshi <[email protected]>; pgadmin-hackers
Akshay, could you or one of the team look into this please?
Thanks.
On Fri, 31 May 2024 at 23:27, Qasim Tahir <[email protected]> wrote:
> Hi,
> Platform and package details are below
>
> Platform: *Rocky 8.9*
> pgadmin version: *8.7*
>
> Regards
> Qasim
>
> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
>
>> Hi
>>
>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
>> wrote:
>>
>>> Dear PgAdmin Community,
>>>
>>> I am writing to report a potential security issue with the permissions
>>> set in the PgAdmin installation directory.
>>>
>>> After installing PgAdmin, I observed that several directories, including
>>> 'bin', 'venv', and 'web', have 775 permissions. Here are the details of the
>>> directory permissions:
>>> [image: image.png]
>>>
>>> Given the broad access provided by 775 permissions, there is a concern
>>> about the potential for unauthorized access or modifications.
>>>
>>>
>>> I would like to ask if these permissions are necessary for PgAdmin's
>>> operation or if they could be tightened to enhance security.
>>>
>>> Your guidance on this matter would be greatly appreciated.
>>>
>>> Thank you for your attention to this issue.
>>>
>>
>> What platform and package is this exactly?
>>
>> --
>> Dave Page
>> pgAdmin: https://www.pgadmin.org
>> PostgreSQL: https://www.postgresql.org
>> EDB: https://www.enterprisedb.com
>>
>>
--
Dave Page
pgAdmin: https://www.pgadmin.org
PostgreSQL: https://www.postgresql.org
EDB: https://www.enterprisedb.com
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Khushboo Vashi @ 2024-06-03 05:46 UTC (permalink / raw)
To: Dave Page <[email protected]>; +Cc: Qasim Tahir <[email protected]>; Akshay Joshi <[email protected]>; pgadmin-hackers
On Sat, Jun 1, 2024 at 8:34 PM Dave Page <[email protected]> wrote:
> Akshay, could you or one of the team look into this please?
>
I am looking into this issue
>
> Thanks.
>
> On Fri, 31 May 2024 at 23:27, Qasim Tahir <[email protected]>
> wrote:
>
>> Hi,
>> Platform and package details are below
>>
>> Platform: *Rocky 8.9*
>> pgadmin version: *8.7*
>>
>> Regards
>> Qasim
>>
>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
>>
>>> Hi
>>>
>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
>>> wrote:
>>>
>>>> Dear PgAdmin Community,
>>>>
>>>> I am writing to report a potential security issue with the permissions
>>>> set in the PgAdmin installation directory.
>>>>
>>>> After installing PgAdmin, I observed that several directories,
>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>> details of the directory permissions:
>>>> [image: image.png]
>>>>
>>>> Given the broad access provided by 775 permissions, there is a concern
>>>> about the potential for unauthorized access or modifications.
>>>>
>>>>
>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>> operation or if they could be tightened to enhance security.
>>>>
>>>> Your guidance on this matter would be greatly appreciated.
>>>>
>>>> Thank you for your attention to this issue.
>>>>
>>>
>>> What platform and package is this exactly?
>>>
>>> --
>>> Dave Page
>>> pgAdmin: https://www.pgadmin.org
>>> PostgreSQL: https://www.postgresql.org
>>> EDB: https://www.enterprisedb.com
>>>
>>>
>
> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> EDB: https://www.enterprisedb.com
>
>
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Qasim Tahir @ 2024-06-10 09:48 UTC (permalink / raw)
To: Khushboo Vashi <[email protected]>; +Cc: Dave Page <[email protected]>; Akshay Joshi <[email protected]>; pgadmin-hackers
Hi Everyone,
Any update regarding the issue?
Thanks
Qasim
On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi <
[email protected]> wrote:
>
>
> On Sat, Jun 1, 2024 at 8:34 PM Dave Page <[email protected]> wrote:
>
>> Akshay, could you or one of the team look into this please?
>>
> I am looking into this issue
>
>>
>> Thanks.
>>
>> On Fri, 31 May 2024 at 23:27, Qasim Tahir <[email protected]>
>> wrote:
>>
>>> Hi,
>>> Platform and package details are below
>>>
>>> Platform: *Rocky 8.9*
>>> pgadmin version: *8.7*
>>>
>>> Regards
>>> Qasim
>>>
>>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
>>>
>>>> Hi
>>>>
>>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
>>>> wrote:
>>>>
>>>>> Dear PgAdmin Community,
>>>>>
>>>>> I am writing to report a potential security issue with the permissions
>>>>> set in the PgAdmin installation directory.
>>>>>
>>>>> After installing PgAdmin, I observed that several directories,
>>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>>> details of the directory permissions:
>>>>> [image: image.png]
>>>>>
>>>>> Given the broad access provided by 775 permissions, there is a concern
>>>>> about the potential for unauthorized access or modifications.
>>>>>
>>>>>
>>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>>> operation or if they could be tightened to enhance security.
>>>>>
>>>>> Your guidance on this matter would be greatly appreciated.
>>>>>
>>>>> Thank you for your attention to this issue.
>>>>>
>>>>
>>>> What platform and package is this exactly?
>>>>
>>>> --
>>>> Dave Page
>>>> pgAdmin: https://www.pgadmin.org
>>>> PostgreSQL: https://www.postgresql.org
>>>> EDB: https://www.enterprisedb.com
>>>>
>>>>
>>
>> --
>> Dave Page
>> pgAdmin: https://www.pgadmin.org
>> PostgreSQL: https://www.postgresql.org
>> EDB: https://www.enterprisedb.com
>>
>>
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Khushboo Vashi @ 2024-06-10 10:05 UTC (permalink / raw)
To: Qasim Tahir <[email protected]>; +Cc: Dave Page <[email protected]>; Akshay Joshi <[email protected]>; pgadmin-hackers
On Mon, Jun 10, 2024 at 3:18 PM Qasim Tahir <[email protected]>
wrote:
> Hi Everyone,
>
> Any update regarding the issue?
>
We are working on this issue and it will be available in the next release,
scheduled at the end of June.
>
> Thanks
> Qasim
>
> On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi <
> [email protected]> wrote:
>
>>
>>
>> On Sat, Jun 1, 2024 at 8:34 PM Dave Page <[email protected]> wrote:
>>
>>> Akshay, could you or one of the team look into this please?
>>>
>> I am looking into this issue
>>
>>>
>>> Thanks.
>>>
>>> On Fri, 31 May 2024 at 23:27, Qasim Tahir <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>> Platform and package details are below
>>>>
>>>> Platform: *Rocky 8.9*
>>>> pgadmin version: *8.7*
>>>>
>>>> Regards
>>>> Qasim
>>>>
>>>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Dear PgAdmin Community,
>>>>>>
>>>>>> I am writing to report a potential security issue with the
>>>>>> permissions set in the PgAdmin installation directory.
>>>>>>
>>>>>> After installing PgAdmin, I observed that several directories,
>>>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>>>> details of the directory permissions:
>>>>>> [image: image.png]
>>>>>>
>>>>>> Given the broad access provided by 775 permissions, there is a
>>>>>> concern about the potential for unauthorized access or modifications.
>>>>>>
>>>>>>
>>>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>>>> operation or if they could be tightened to enhance security.
>>>>>>
>>>>>> Your guidance on this matter would be greatly appreciated.
>>>>>>
>>>>>> Thank you for your attention to this issue.
>>>>>>
>>>>>
>>>>> What platform and package is this exactly?
>>>>>
>>>>> --
>>>>> Dave Page
>>>>> pgAdmin: https://www.pgadmin.org
>>>>> PostgreSQL: https://www.postgresql.org
>>>>> EDB: https://www.enterprisedb.com
>>>>>
>>>>>
>>>
>>> --
>>> Dave Page
>>> pgAdmin: https://www.pgadmin.org
>>> PostgreSQL: https://www.postgresql.org
>>> EDB: https://www.enterprisedb.com
>>>
>>>
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Khushboo Vashi @ 2024-06-12 05:09 UTC (permalink / raw)
To: Qasim Tahir <[email protected]>; +Cc: Dave Page <[email protected]>; Akshay Joshi <[email protected]>; pgadmin-hackers
Hello,
We have fixed this issue; you can test our nightly builds to verify the fix.
To test the nightly build, follow the instructions given here:
https://www.postgresql.org/ftp/pgadmin/pgadmin4/snapshots/2024-06-12/apt/
Thanks,
Khushboo
On Mon, Jun 10, 2024 at 3:18 PM Qasim Tahir <[email protected]>
wrote:
> Hi Everyone,
>
> Any update regarding the issue?
>
> Thanks
> Qasim
>
> On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi <
> [email protected]> wrote:
>
>>
>>
>> On Sat, Jun 1, 2024 at 8:34 PM Dave Page <[email protected]> wrote:
>>
>>> Akshay, could you or one of the team look into this please?
>>>
>> I am looking into this issue
>>
>>>
>>> Thanks.
>>>
>>> On Fri, 31 May 2024 at 23:27, Qasim Tahir <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>> Platform and package details are below
>>>>
>>>> Platform: *Rocky 8.9*
>>>> pgadmin version: *8.7*
>>>>
>>>> Regards
>>>> Qasim
>>>>
>>>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Dear PgAdmin Community,
>>>>>>
>>>>>> I am writing to report a potential security issue with the
>>>>>> permissions set in the PgAdmin installation directory.
>>>>>>
>>>>>> After installing PgAdmin, I observed that several directories,
>>>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>>>> details of the directory permissions:
>>>>>> [image: image.png]
>>>>>>
>>>>>> Given the broad access provided by 775 permissions, there is a
>>>>>> concern about the potential for unauthorized access or modifications.
>>>>>>
>>>>>>
>>>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>>>> operation or if they could be tightened to enhance security.
>>>>>>
>>>>>> Your guidance on this matter would be greatly appreciated.
>>>>>>
>>>>>> Thank you for your attention to this issue.
>>>>>>
>>>>>
>>>>> What platform and package is this exactly?
>>>>>
>>>>> --
>>>>> Dave Page
>>>>> pgAdmin: https://www.pgadmin.org
>>>>> PostgreSQL: https://www.postgresql.org
>>>>> EDB: https://www.enterprisedb.com
>>>>>
>>>>>
>>>
>>> --
>>> Dave Page
>>> pgAdmin: https://www.pgadmin.org
>>> PostgreSQL: https://www.postgresql.org
>>> EDB: https://www.enterprisedb.com
>>>
>>>
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Qasim Tahir @ 2024-06-12 11:07 UTC (permalink / raw)
To: Khushboo Vashi <[email protected]>; +Cc: Dave Page <[email protected]>; Akshay Joshi <[email protected]>; pgadmin-hackers
Yes, it worked.
Thanks for your support
Regards
Qasim
On Wed, Jun 12, 2024 at 10:10 AM Khushboo Vashi <
[email protected]> wrote:
> Hello,
>
> We have fixed this issue; you can test our nightly builds to verify the
> fix.
> To test the nightly build, follow the instructions given here:
> https://www.postgresql.org/ftp/pgadmin/pgadmin4/snapshots/2024-06-12/apt/
>
> Thanks,
> Khushboo
>
> On Mon, Jun 10, 2024 at 3:18 PM Qasim Tahir <[email protected]>
> wrote:
>
>> Hi Everyone,
>>
>> Any update regarding the issue?
>>
>> Thanks
>> Qasim
>>
>> On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi <
>> [email protected]> wrote:
>>
>>>
>>>
>>> On Sat, Jun 1, 2024 at 8:34 PM Dave Page <[email protected]> wrote:
>>>
>>>> Akshay, could you or one of the team look into this please?
>>>>
>>> I am looking into this issue
>>>
>>>>
>>>> Thanks.
>>>>
>>>> On Fri, 31 May 2024 at 23:27, Qasim Tahir <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> Platform and package details are below
>>>>>
>>>>> Platform: *Rocky 8.9*
>>>>> pgadmin version: *8.7*
>>>>>
>>>>> Regards
>>>>> Qasim
>>>>>
>>>>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Dear PgAdmin Community,
>>>>>>>
>>>>>>> I am writing to report a potential security issue with the
>>>>>>> permissions set in the PgAdmin installation directory.
>>>>>>>
>>>>>>> After installing PgAdmin, I observed that several directories,
>>>>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>>>>> details of the directory permissions:
>>>>>>> [image: image.png]
>>>>>>>
>>>>>>> Given the broad access provided by 775 permissions, there is a
>>>>>>> concern about the potential for unauthorized access or modifications.
>>>>>>>
>>>>>>>
>>>>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>>>>> operation or if they could be tightened to enhance security.
>>>>>>>
>>>>>>> Your guidance on this matter would be greatly appreciated.
>>>>>>>
>>>>>>> Thank you for your attention to this issue.
>>>>>>>
>>>>>>
>>>>>> What platform and package is this exactly?
>>>>>>
>>>>>> --
>>>>>> Dave Page
>>>>>> pgAdmin: https://www.pgadmin.org
>>>>>> PostgreSQL: https://www.postgresql.org
>>>>>> EDB: https://www.enterprisedb.com
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> Dave Page
>>>> pgAdmin: https://www.pgadmin.org
>>>> PostgreSQL: https://www.postgresql.org
>>>> EDB: https://www.enterprisedb.com
>>>>
>>>>
* Re: Potential Security Issue: Permissions in PgAdmin Installation Directory
From: Usman Khan @ 2024-06-02 09:27 UTC (permalink / raw)
To: Dave Page <[email protected]>; [email protected]
On Sat, Jun 1, 2024 at 3:09 AM Dave Page <[email protected]> wrote:
> Hi
>
> On Thu, 30 May 2024 at 23:17, Qasim Tahir <[email protected]>
> wrote:
>
>> Dear PgAdmin Community,
>>
>> I am writing to report a potential security issue with the permissions
>> set in the PgAdmin installation directory.
>>
>> After installing PgAdmin, I observed that several directories, including
>> 'bin', 'venv', and 'web', have 775 permissions. Here are the details of the
>> directory permissions:
>> [image: image.png]
>>
>> Given the broad access provided by 775 permissions, there is a concern
>> about the potential for unauthorized access or modifications.
>>
>>
>> I would like to ask if these permissions are necessary for PgAdmin's
>> operation or if they could be tightened to enhance security.
>>
>> Your guidance on this matter would be greatly appreciated.
>>
>> Thank you for your attention to this issue.
>>
>
> What platform and package is this exactly?
>
FYI - this behaviour is reproducible on Ubuntu 22.04 and Rocky 8.9 with
the latest installers for me.
*Ubuntu 22.04*
[image: image.png]
*Rocky 8.9 - installed through guidance on this link:*
https://www.pgadmin.org/download/pgadmin-4-rpm/
[image: image.png]
> --
> Dave Page
> pgAdmin: https://www.pgadmin.org
> PostgreSQL: https://www.postgresql.org
> EDB: https://www.enterprisedb.com
>
>
Attachments:
[image/png] image.png (23.8K, 3-image.png)
[image/png] image.png (144.2K, 4-image.png)
[image/png] image.png (186.7K, 5-image.png)
Thread overview: 9+ messages
2024-05-31 06:17 Potential Security Issue: Permissions in PgAdmin Installation Directory Qasim Tahir <[email protected]>
2024-05-31 22:09 ` Dave Page <[email protected]>
2024-06-01 15:04 ` Dave Page <[email protected]>
2024-06-03 05:46 ` Khushboo Vashi <[email protected]>
2024-06-10 09:48 ` Qasim Tahir <[email protected]>
2024-06-10 10:05 ` Khushboo Vashi <[email protected]>
2024-06-12 05:09 ` Khushboo Vashi <[email protected]>
2024-06-12 11:07 ` Qasim Tahir <[email protected]>
2024-06-02 09:27 ` Usman Khan <[email protected]>