2.2 Ensure extension directory has appropriate ownership and permissions

Information

The extension directory is the location of the PostgreSQL extensions. Extensions are storage engines or user defined functions (UDFs).

Rationale:

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the PostgreSQL database. If someone can modify extensions, then these extensions can be used to execute illicit instructions.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If needed, correct the permissions on the extension dir by eecuting:

sudo chown root:root $ext_dir
sudo chmod 0755 $ext_dir

If the permissions needed correct, it is imperative that all extensions found in $ext_dir are evaluated to ensure they have not been modified!

See Also

https://workbench.cisecurity.org/benchmarks/17003

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2

Plugin: Unix

Control ID: 045f8833c68324d5e8fe329b5b62f6fd873c6179fc751ec164a7ae01c8688db2