Relaxing SSL key permission checks

From: Christoph Berg <myon(at)debian(dot)org>
To: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Relaxing SSL key permission checks
Date: 2016-02-18 13:34:38
Message-ID: 20160218133438.GC15260@msg.df7cb.de
Lists: pgsql-hackers

Hi,

Currently the server insists on ssl_key_file's permissions to be 0600
or less, and be owned by the database user. Debian has been patching
be-secure.c since forever (the git history goes back to 8.2beta1) to
relax that to 0640 or less, and owned by root or the database user.

The reason for that is that we hooked the SSL certificate handling
into the system's /etc/ssl/ directory structure where private keys are
supposed to have permissions 0640 root:ssl-cert. The postgres user is
member of the ssl-cert group so it can read the key.

In the old days before 9.2 the server expected the SSL files in
PGDATA, and we created symlinks from there to /etc/ssl/. Since 9.2,
these certs are used in the ssl_*_file options.

Using symlinks in PGDATA to use system-wide certificates might have
been a hack, but with the "new" ssl_*_file options I think it might be
prudent to get the "allow group ssl-cert" patch upstreamed.

Comments? (There's no documentation yet; I'll add that if the feedback
is positive.)

Thanks,
Christoph

Attachment: ssl_key_permissions.patch (text/x-diff, 1.3 KB)
