Re: pgsql: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings

From: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>
To: Craig Ringer <craig(at)2ndquadrant(dot)com>, Christoph Berg <myon(at)debian(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgsql: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Date: 2020-01-20 09:00:34
Message-ID: 2fb2a879-725b-57c1-bd15-a9111a03416c@2ndQuadrant.com
Lists: pgsql-committers pgsql-hackers


On 1/20/20 2:48 AM, Craig Ringer wrote:
> On Thu, 9 Jan 2020 at 22:38, Christoph Berg <myon(at)debian(dot)org> wrote:
>
> > Re: Robert Haas 2020-01-09
> > <CA+TgmoZEjyv_PD=2cinkbDA_chyLNAcBPL_9bKJQ6bc=nw+FHA(at)mail(dot)gmail(dot)com>
> > > Does this mean that a non-superuser can induce postgres_fdw to read an
> > > arbitrary file from the local filesystem?
> >
> > Yes, see my comments in the "Allow 'sslkey' and 'sslcert' in
> > postgres_fdw user mappings" thread.
>
> Ugh, I misread your comment.
>
> You raise a sensible concern.
>
> These options should be treated the same as the proposed option to
> allow passwordless connections: disallow creation or alteration of FDW
> connection strings that use them by non-superusers. So a superuser can
> define a user mapping that uses these options, but normal users may not.

Already done.

cheers

andrew

--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
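
Added example, not part of the original message and not code from the PostgreSQL tree: a sketch of how the superuser-only rule discussed above can be checked on a test instance, followed by an audit query for existing mappings. The server name `remote_pg`, the role `app_user`, the host name and the file paths are constructed placeholders.

```sql
-- Constructed names: remote_pg, app_user, db.example.internal and the
-- certificate paths are hypothetical. Run as a superuser on the local side.
CREATE EXTENSION IF NOT EXISTS postgres_fdw;
CREATE ROLE app_user LOGIN;
CREATE SERVER remote_pg FOREIGN DATA WRAPPER postgres_fdw
    OPTIONS (host 'db.example.internal', dbname 'appdb', sslmode 'verify-full');
GRANT USAGE ON FOREIGN SERVER remote_pg TO app_user;

-- 1. Non-superuser attempt. sslcert/sslkey name files that the local server
--    process would open, so with the restriction in place this statement is
--    expected to fail with a permission error.
SET ROLE app_user;
CREATE USER MAPPING FOR CURRENT_USER SERVER remote_pg
    OPTIONS (user 'app_user',
             sslcert '/etc/postgresql/fdw/app_user.crt',
             sslkey  '/etc/postgresql/fdw/app_user.key');
RESET ROLE;

-- 2. The same mapping defined by a superuser on the user's behalf is allowed.
CREATE USER MAPPING FOR app_user SERVER remote_pg
    OPTIONS (user 'app_user',
             sslcert '/etc/postgresql/fdw/app_user.crt',
             sslkey  '/etc/postgresql/fdw/app_user.key');

-- 3. Audit: list every user mapping that carries a file-path TLS option,
--    so each path can be reviewed against what the server account can read.
SELECT m.srvname, m.usename, o.opt
FROM pg_user_mappings AS m
CROSS JOIN LATERAL unnest(m.umoptions) AS o(opt)
WHERE o.opt LIKE 'sslcert=%'
   OR o.opt LIKE 'sslkey=%'
ORDER BY m.srvname, m.usename;
```

Run the audit query as a superuser, since `pg_user_mappings` hides `umoptions` from roles that are not entitled to see them.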
