Re: BUG #14543: libpq fails with group readable ssl keys

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: postgres(at)freigeist(dot)org, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #14543: libpq fails with group readable ssl keys
Date: 2017-02-27 23:07:33
Message-ID: 5436.1488236853@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-bugs

Bruce Momjian <bruce(at)momjian(dot)us> writes:
> We changed Postgres 9.6 to allow open group permissions on the
> _server_'s SSL key if it was owned by root:
> Allow the server's <acronym>SSL</> key file to have group read
> access if it is owned by <literal>root</> (Christoph Berg)
> Is this something we should change on the client? I don't see why not,
> but the 'root' requirement would still remain.

I'm pretty suspicious of doing this on the client side. It doesn't seem
as useful, and it would open up a bunch of issues concerning e.g. what
cert authentication actually is authenticating.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message David Steele 2017-02-28 01:33:34 Backend crash on non-exclusive backup cancel
Previous Message Bruce Momjian 2017-02-27 22:58:45 Re: BUG #14543: libpq fails with group readable ssl keys