| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Desidero <desidero(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [GENERAL] pgpass file type restrictions |
| Date: | 2018-01-29 03:48:29 |
| Message-ID: | 20180129034829.GC11620@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Oct 19, 2017 at 08:22:18AM -0400, Andrew Dunstan wrote:
>
>
> On 10/19/2017 02:12 AM, Tom Lane wrote:
> > Desidero <desidero(at)gmail(dot)com> writes:
> >> I’m running into problems with the restriction on pgpass file types. When
> >> attempting to use something like an anonymous pipe for a passfile, psql
> >> throws an error stating that it only accepts plain files.
> >> ...
> >> Does anyone know why it’s set up to avoid using things like anonymous pipes
> >> (or anything but "plain files")?
> > A bit of digging in the git history says that the check was added here:
> >
> > commit 453d74b99c9ba6e5e75d214b0d7bec13553ded89
> > Author: Bruce Momjian <bruce(at)momjian(dot)us>
> > Date: Fri Jun 10 03:02:30 2005 +0000
> >
> > Add the "PGPASSFILE" environment variable to specify to the password
> > file.
> >
> > Andrew Dunstan
> >
> > and poking around in the mailing list archives from that time finds
> > what seems to be the originating thread:
> >
> > https://www.postgresql.org/message-id/flat/4123BF8C.5000909%40pse-consulting.de
> >
> > There's no real discussion there of the check for plain-file-ness.
> > My first guess would have been that the idea was to guard against
> > symlink attacks; but then surely the stat call needed to have been
> > changed to lstat? So I'm not quite sure of the reasoning. Perhaps
> > Andrew remembers.
>
>
>
> That was written 13 years ago. I'm afraid my memory isn't that good.
I am coming in late here, but the thread does say:
https://www.postgresql.org/message-id/200506100302.j5A32aj12016%40candle.pha.pa.us
Another new addition is that we now will check to see that the password
file is a regular file and not a symlink or something. This was part of
your patch for PGPASSFILE but I extended it to ~/.pgpass too.
Seems the stat, and not lstat, usage is a bug.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thiemo Kellner | 2018-01-29 05:03:06 | Re: FW: Setting up streaming replication problems |
| Previous Message | David Fetter | 2018-01-29 02:57:48 | == PostgreSQL Weekly News - January 28 2018 == |