Tom Lane [2005-10-16 0:41 -0400]:
> Martin Pitt <mpitt(at)debian(dot)org> writes:
> > At least the certificate could be permitted to be owned/in group root.
> > I cannot see how this should weaken the certificate's security.
> Postgres doesn't run as root, hence could not use such a certificate
> unless it was world-readable.
Please see my original mail. If you use ACLs, postgres can very well
be able to read the certificate.
The point was that a key's security is not weakened if it is owned by
root instead of "postgres" - to the contrary. So I don't see the point
of the check that actively prohibits a key being owned by root.
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
In response to
pgsql-bugs by date
|Next:||From: Klint Gore||Date: 2005-10-17 00:44:15|
|Subject: Re: BUG #1956: Plpgsql top-level DECLARE does not share scope |
|Previous:||From: Tom Lane||Date: 2005-10-16 04:41:04|
|Subject: Re: BUG #1963: SSL certificate permission check is too strict |