Re: BUG #1567: can't hide password with pg_autovacuum

From: Olivier Thauvin <olivier(dot)thauvin(at)aerov(dot)jussieu(dot)fr>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #1567: can't hide password with pg_autovacuum
Date: 2005-03-29 02:54:48
Message-ID: 200503290454.52577.olivier.thauvin@aerov.jussieu.fr
Lists: pgsql-bugs

On Tuesday 29 March 2005 00:40, you wrote:
> The typical way to do this is to use .pgpass in the user's home
> directory. Does that help?

Yes it helps, but:
- please note the issue about ps in the README
- the .pgpass doesn't work on my configuration:

[postgres(at)virgo pgsql]$ pg_autovacuum
[2005-03-29 04:47:32 CEST] ERROR: Failed connection to database template1
with error: fe_sendauth: no password supplied
.
[2005-03-29 04:47:32 CEST] ERROR: Failed connection to database template1
with error: fe_sendauth: no password supplied
.
[2005-03-29 04:47:32 CEST] ERROR: Cannot connect to template1, exiting.

When permissions are bad on .pgpass (other than 600), it complains, but fails
to connect to my server. Note that I have set up access to 'password' for all
connections in my pg_hba.conf. psql... works fine and the password in .pgpass
is ok.

Maybe I will work around it by setting postgres user access to 'trust' for local
connections only, but I have to reread the doc first :).

>
> ---------------------------------------------------------------------------
>
> Olivier Thauvin wrote:
> > The following bug has been logged online:
> >
> > Bug reference: 1567
> > Logged by: Olivier Thauvin
> > Email address: nanardon(at)nanardon(dot)homelinux(dot)org
> > PostgreSQL version: 8.0.1
> > Operating system: Linux (Mandrake cooker)
> > Description: can't hide password with pg_autovacuum
> > Details:
> >
> > I found a security issue with pg_autovacuum :(
> > After looking at the README and --help, it seems there is no way to start it
> > with a configuration file.
> >
> > This is not a problem except when the database is password protected, so
> > you have to use the -P option to get it started (no prompt, unless I missed
> > something).
> >
> > The potential issue comes from ps, the password is shown in clear:
> >
> > nanardon 28664 0.4 0.0 3644 1384 ? Ss 04:05 0:00
> > pg_autovacuum -D -s rpm2sql -PXXXXXX
> >
> > XXXXXX is my password in clear (hidden here of course).
> > As you can see, there is enough information here for someone having an
> > account on the host to connect to the DB with admin privileges on the DB (not
> > as postgres user of course, but only the owner of the db can vacuum).
> >
> > Solution:
> > - change the command line after start like some ftp clients do
> > - having the possibility to read the password from a file
> > - taking the password from an environment variable (AUTOVACUUM_PASS=pass
> > pg_autovacuum...)
> >
> > If I have any time, I will try to provide a patch, but my knowledge of C
> > is too poor to ensure quality :(
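An added example (not part of the original message and not pg_autovacuum or libpq source): one way a C client could take the password from a .pgpass-style file instead of a -P argument, refusing the file when group or others have any access to it, so the password never appears in ps output. The function name pgpass_lookup, its return codes and the simplified parsing (no backslash escapes) are assumptions of this example.

```c
/* Added example: password lookup in a .pgpass-style file.
 * Line format: host:port:database:user:password, '*' matches any value.
 * Simplified: backslash escapes are not handled. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

static int field_ok(const char *pat, const char *val)
{
    return strcmp(pat, "*") == 0 || strcmp(pat, val) == 0;
}

/* Returns 0 and fills pw on a match, -1 if the file is unusable or has no
 * matching line, -2 if group or others have any permission on the file. */
int pgpass_lookup(const char *path, const char *host, const char *port,
                  const char *db, const char *user, char *pw, size_t pwlen)
{
    const char *want[4] = { host, port, db, user };
    struct stat st;
    char line[512];
    FILE *fp;
    int rc = -1;

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -2;                  /* anything looser than 0600 is refused */
    if ((fp = fopen(path, "r")) == NULL)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, fp) != NULL) {
        char *p = line, *sep;
        int i, ok = 1;

        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] == '#' || line[0] == '\0')
            continue;               /* comment or empty line */
        for (i = 0; i < 4 && ok; i++) {
            if ((sep = strchr(p, ':')) == NULL) { ok = 0; break; }
            *sep = '\0';
            ok = field_ok(p, want[i]);
            p = sep + 1;            /* after four fields: the password */
        }
        if (ok && strlen(p) < pwlen) {
            strcpy(pw, p);
            rc = 0;
        }
    }
    fclose(fp);
    return rc;
}
```

The -2 return lets the caller print a permissions warning separately from a plain "no password found" case.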
