BUG #1963: SSL certificate permission check is too strict - Mailing list pgsql-bugs

From Martin Pitt
Subject BUG #1963: SSL certificate permission check is too strict
Date
Msg-id 20051013162638.E8B56F1311@svr2.postgresql.org
Whole thread Raw
Responses Re: BUG #1963: SSL certificate permission check is too strict
List pgsql-bugs
The following bug has been logged online:

Bug reference:      1963
Logged by:          Martin Pitt
Email address:      mpitt@debian.org
PostgreSQL version: 8.1beta3
Operating system:   Debian
Description:        SSL certificate permission check is too strict
Details:

Currently the postmaster requires the private SSL key file to have the same
owner as the postmaster, and no permissions for group and others. However,
this is too strict to sensibly use the certificate with ACLs, which permits
other server processes to share it.

In Debian I applied a patch which relaxes the check a bit: in addition to
the currently allowed permissions, the file might be:
 - owned by root
 - group-readable if the file is in group root or the postmaster group.

Since this likely affects non-Debian server installations as well, do you
consider adopting this?

Thanks!

Martin

Original Debian bug report:
http://bugs.debian.org/327901

Debian patch against 8.1beta3:
http://people.debian.org/~mpitt/09-relax-sslkey-permscheck.patch

pgsql-bugs by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: BUG #1964: Role membership error
Next
From: Michael Fuhr
Date:
Subject: Re: BUG #1956: Plpgsql top-level DECLARE does not share