Skip site navigation (1) Skip section navigation (2)

Re: BUG #1963: SSL certificate permission check is too strict

From: Martin Pitt <mpitt(at)debian(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #1963: SSL certificate permission check is too strict
Date: 2005-10-16 09:45:20
Message-ID: 20051016094520.GC20451@box79162.elkhouse.de (view raw or flat)
Thread:
Lists: pgsql-bugs
Hi Tom!

Tom Lane [2005-10-16  0:41 -0400]:
> Martin Pitt <mpitt(at)debian(dot)org> writes:
> > At least the certificate could be permitted to be owned/in group root.
> > I cannot see how this should weaken the certificate's security.
> 
> Postgres doesn't run as root, hence could not use such a certificate
> unless it was world-readable.

Please see my original mail. If you use ACLs, postgres can very well
be able to read the certificate.

The point was that a key's security is not weakened if it is owned by
root instead of "postgres" - to the contrary. So I don't see the point
of the check that actively prohibits a key being owned by root.

Martin

-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org

In response to

pgsql-bugs by date

Next:From: Klint GoreDate: 2005-10-17 00:44:15
Subject: Re: BUG #1956: Plpgsql top-level DECLARE does not share scope
Previous:From: Tom LaneDate: 2005-10-16 04:41:04
Subject: Re: BUG #1963: SSL certificate permission check is too strict

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group