Re: BUG #6302: Certificate lookup fails for users with /dev/null as home directory

Il giorno lun, 21/11/2011 alle 09.08 +0100, Magnus Hagander ha scritto:
> What actual error do you get?

ENOTDIR, sorry but I don't really want to break my system again just to
show the strerror output ;)

> Its still impossible to use it securely, but I agree we shouldn't just
> error out in a situation like that - the user wanted to be insecure,
> after all.. But I'm not sure just dropping the check is the correct
> answer - adjusting it is probably a better idea.

Whether non-user-certificate SSL is "unsecure" or not I guess is mostly
up to debate — I think that for many people, including me, simply having
host-based authentication should be quite secure, of course depending on
the use case.

The main problem there is that right now a very common Unix setup is
broken, and that's definitely not what you wanted in the first place.

"Adjusting" the check doesn't seem to make much sense.. you'll still
fail with error in some other situation if you just whitelist ENOTDIR...
simply unify the codepaths, and if stat fails ignore the presence of the
certificate... what's the worst that may happen?

Speaking of this, it might be a good idea to also change the code to
respect the HOME environment variable: in my case the home directory
could be dynamically set before starting the process, but since libpq
accesses the shadow database, instead of checking HOME, I can't fix it
properly that way.

Thanks,

--
Diego Elio Pettenò <flameeyes(at)flameeyes(dot)eu>