Home > mailing lists

Re: BUG #1963: SSL certificate permission check is too strict - Mailing list pgsql-bugs

From	Martin Pitt
Subject	Re: BUG #1963: SSL certificate permission check is too strict
Date	October 16, 2005 16:05:55
Msg-id	20051016094520.GC20451@box79162.elkhouse.de Whole thread Raw
In response to	Re: BUG #1963: SSL certificate permission check is too strict (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Hi Tom!

Tom Lane [2005-10-16  0:41 -0400]:
> Martin Pitt <mpitt@debian.org> writes:
> > At least the certificate could be permitted to be owned/in group root.
> > I cannot see how this should weaken the certificate's security.
>=20
> Postgres doesn't run as root, hence could not use such a certificate
> unless it was world-readable.

Please see my original mail. If you use ACLs, postgres can very well
be able to read the certificate.

The point was that a key's security is not weakened if it is owned by
root instead of "postgres" - to the contrary. So I don't see the point
of the check that actively prohibits a key being owned by root.

Martin

--=20
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org

pgsql-bugs by date:

From: Tom Lane
Date: 16 October 2005, 04:41:51
Subject: Re: BUG #1963: SSL certificate permission check is too strict

From: Klint Gore
Date: 17 October 2005, 00:39:18
Subject: Re: BUG #1956: Plpgsql top-level DECLARE does not share scope

Re: BUG #1963: SSL certificate permission check is too strict - Mailing list pgsql-bugs

Previous

Next