Index: postgresql/src/backend/postmaster/be-secure.c
diff -c postgresql/src/backend/postmaster/be-secure.c:1.7 postgresql/src/backend/postmaster/be-secure.c:1.8
*** postgresql/src/backend/postmaster/be-secure.c:1.7 Sat May 25 00:33:05 2002
--- postgresql/src/backend/postmaster/be-secure.c Sat May 25 00:51:56 2002
***************
*** 11,17 ****
 *
 *
 * IDENTIFICATION
! * $Header: /usr/local/cvsroot/postgresql/src/backend/postmaster/be-secure.c,v 1.7 2002/05/25 06:33:05 bear Exp $
 *
 * NOTES
 *
--- 11,17 ----
 *
 *
 * IDENTIFICATION
! * $Header: /usr/local/cvsroot/postgresql/src/backend/postmaster/be-secure.c,v 1.8 2002/05/25 06:51:56 bear Exp $
 *
 * NOTES
 *
***************
*** 73,79 ****
 * [*] use 'random' file, read from '/dev/urandom?'
 * [*] emphermal DH keys, default values
 * [*] periodic renegotiation
! * [ ] private key permissions
 *
 * milestone 4: provide endpoint authentication (client)
 * [ ] server verifies client certificates
--- 73,79 ----
 * [*] use 'random' file, read from '/dev/urandom?'
 * [*] emphermal DH keys, default values
 * [*] periodic renegotiation
! * [*] private key permissions
 *
 * milestone 4: provide endpoint authentication (client)
 * [ ] server verifies client certificates
***************
*** 568,574 ****
--- 568,587 ----
 fnbuf, SSLerrmessage());
 ExitPostmaster(1);
 }
+ snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
+ if (lstat(fnbuf, &buf) == -1)
+ {
+ postmaster_error("failed to stat private key file (%s): %s",
+ fnbuf, strerror(errno));
+ ExitPostmaster(1);
+ }
+ if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
+ buf.st_uid != getuid())
+ {
+ postmaster_error("bad permissions on private key file (%s)", fnbuf);
+ ExitPostmaster(1);
+ }
 if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
 {
 postmaster_error("failed to load private key file (%s): %s",
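Review bot: The ownership test in the added block of the third hunk compares `buf.st_uid` with `getuid()`, but access to the key file is decided by the effective uid, so the line should read `buf.st_uid != geteuid())`. The check is made on the path with `lstat()` and `SSL_CTX_use_PrivateKey_file()` then opens the same path again, so the file that gets loaded is not guaranteed to be the one that was inspected; this presumably only matters to someone who can already write in `DataDir`, and a comment such as `/* path is re-opened below; relies on DataDir being writable only by the server user */` would record that assumption. The single "bad permissions" message covers three different failures (not a regular file, which includes a symlink because `lstat()` is used; group or other bits set; wrong owner), so stating the required condition in the message, owned by the server user with no group or other access, would tell the operator what to fix. The enclosing function starts and ends outside the hunk, and the declaration of `buf` is not visible in this diff.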