Re: vulnerability/SSL

From: Marco Colombo <pgsql(at)esiway(dot)net>
To: dong changyu <dcy1_1999(at)yahoo(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: vulnerability/SSL
Date: 2005-06-09 09:33:19
Message-ID: 1118309600.12004.9.camel@Frodo.esi
Lists: pgsql-general

On Wed, 2005-06-08 at 10:00 -0700, dong changyu wrote:
> Hi,
> A possible countermeasure on Windows platform,
> inspired by Magnus. Thanks ;)
> First we remove the passphrase from the key file,
> making it plain.
> Windows provides a feature "encrypted file system",
> provide transparent encryption/decryption. We can log
> on using the account we run Postgres with and encrypt
> the plaintext key file. Then we logon using another
> non-admin account, and start postgres using "runas"
> service. Therefore the file is encrypted, only the
> Postgres account and the recovery agent (built-in
> administrator by default) can read/modify it. The file
> will remain encrypted when restored from backup.
> I've tested it on my computer and it works.
>
> cheers,
> Changyu

You mean that every process that runs as "postgres" has the ability to
read the file _without typing any password_? Or when you start
PostgreSQL it prompts for one? Can "administrator" read it _without
knowing password_?

I may be missing something, but what's the difference with a file like
this:

-r-------- 1 postgres postgres 50 Jan 15 21:15 akey

in any Unix system? Only "postgres" and "root" can read it.

How about backups? Does the backup process (I assume it runs as
administrator) store the key in cleartext?

.TM.
--
____/ ____/ /
/ / / Marco Colombo
___/ ___ / / Technical Manager
/ / / ESI s.r.l.
_____/ _____/ _/ Colombo(at)ESI(dot)it
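
Added example, not part of the original message and not PostgreSQL code: a check for the trade-off discussed in this thread, reporting whether a key file is readable beyond its owner and whether it is stored without a passphrase. The function names and the sample file are hypothetical; the two PEM markers are the ones OpenSSL writes for passphrase-protected keys.

```python
import os
import stat
import tempfile

# Constructed sample: PEM framing of an unencrypted key; the body is a placeholder.
SAMPLE_PLAIN_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n"
    "-----END RSA PRIVATE KEY-----\n"
)

def pem_is_passphrase_protected(text):
    """True if the PEM text carries one of OpenSSL's encrypted-key markers."""
    return ("Proc-Type: 4,ENCRYPTED" in text                     # traditional PEM
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in text)  # PKCS#8

def audit_key_file(path, expected_uid):
    """Return findings for a private-key file; an empty list means none."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o lets group/other access the key" % mode)
    if st.st_uid != expected_uid:
        findings.append("owner uid %d is not the expected uid %d"
                        % (st.st_uid, expected_uid))
    with open(path, "r", errors="replace") as fh:
        if not pem_is_passphrase_protected(fh.read(4096)):
            findings.append("no passphrase: any process running as uid %d, "
                            "and root, can read the key" % st.st_uid)
    return findings

def demo():
    """Audit the sample key at mode 0644, then at 0400 as in the listing above."""
    fd, path = tempfile.mkstemp(suffix=".key")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE_PLAIN_KEY)
        os.chmod(path, 0o644)
        loose = audit_key_file(path, os.getuid())
        os.chmod(path, 0o400)
        tight = audit_key_file(path, os.getuid())
    finally:
        os.remove(path)
    return loose, tight

if __name__ == "__main__":
    for label, result in zip(("0644", "0400"), demo()):
        print(label, result)
```

Even at mode 0400 the passphrase finding remains, which is the point of the comparison with the Unix listing.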
