Re: BUG #14543: libpq fails with group readable ssl keys

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: postgres(at)freigeist(dot)org, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #14543: libpq fails with group readable ssl keys
Date: 2017-02-27 23:07:33
Message-ID: 5436.1488236853@sss.pgh.pa.us
Lists: pgsql-bugs

Bruce Momjian <bruce(at)momjian(dot)us> writes:
> We changed Postgres 9.6 to allow open group permissions on the
> _server_'s SSL key if it was owned by root:
> Allow the server's <acronym>SSL</> key file to have group read
> access if it is owned by <literal>root</> (Christoph Berg)
> Is this something we should change on the client? I don't see why not,
> but the 'root' requirement would still remain.

I'm pretty suspicious of doing this on the client side. It doesn't seem
as useful, and it would open up a bunch of issues concerning e.g. what
cert authentication actually is authenticating.

regards, tom lane
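
The two key-file permission rules contrasted in this message, as an added C example (not PostgreSQL source and not part of the original email). The server rule follows the quoted 9.6 release note, the client rule is inferred from the bug title, and the function names and the rejection of keys owned by any other user are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Server rule per the quoted 9.6 release note: a key owned by root may
 * also be group-readable. Hypothetical function name. */
bool server_key_mode_ok(uid_t owner, mode_t mode, uid_t euid)
{
    if (!S_ISREG(mode))
        return false;
    if (owner == euid)      /* own key: no group/other access at all */
        return (mode & (S_IRWXG | S_IRWXO)) == 0;
    if (owner == 0)         /* root-owned: group read is the only extra bit */
        return (mode & (S_IWGRP | S_IXGRP | S_IRWXO)) == 0;
    return false;           /* assumption: any other owner is rejected */
}

/* Client rule as implied by the bug title: group-readable keys fail,
 * whoever owns them. Hypothetical function name. */
bool client_key_mode_ok(mode_t mode)
{
    return S_ISREG(mode) && (mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Evaluate both rules for a key file on disk; returns -1 if stat fails. */
int audit_key_file(const char *path, bool *server_ok, bool *client_ok)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    *server_ok = server_key_mode_ok(st.st_uid, st.st_mode, geteuid());
    *client_ok = client_key_mode_ok(st.st_mode);
    return 0;
}

int main(int argc, char **argv)
{
    bool s, c;
    if (argc != 2 || audit_key_file(argv[1], &s, &c) != 0)
        return 2;
    printf("server rule: %s, client rule: %s\n",
           s ? "ok" : "reject", c ? "ok" : "reject");
    return (s && c) ? 0 : 1;
}
```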
