Re: BUG #3809: SSL "unsafe" private key permissions bug - Mailing list pgsql-bugs

From Martin Pitt
Subject Re: BUG #3809: SSL "unsafe" private key permissions bug
Msg-id 20071209104348.GA11651@piware.de
In response to BUG #3809: SSL "unsafe" private key permissions bug  ("Simon Arlott" <postgresql.simon@arlott.org>)
Responses Re: BUG #3809: SSL "unsafe" private key permissions bug
List pgsql-bugs

Hi,

Simon Arlott [2007-12-08 12:24 +0000]:
> Bug reference:      3809
> Logged by:          Simon Arlott
> Email address:      postgresql.simon@arlott.org
> PostgreSQL version: 8.2.4
> Operating system:   Linux 2.6.23
> Description:        SSL "unsafe" private key permissions bug
> Details:
>
> FATAL:  unsafe permissions on private key file "server.key"
> DETAIL:  File must be owned by the database user and must have no
> permissions for "group" or "other".
>
> It should be possible to disable this check in the configuration, so those
> of us capable of deciding what's unsafe can do so.

For the same reason Debian/Ubuntu modified this check ages ago,
to also allow for keys which are owned by root and readable by a
particular group. A lot of our users want to share a common SSL
cert/key between all servers, and the upstream check makes this
impossible. (Ubuntu sets up all server packages in a way that they all
share a common SSL key called "snakeoil" which is generated on system
installation. By merely replacing this with a real one, your box
becomes sanely configured without fiddling with any configuration
files.)

I already proposed this patch two times, but it has been rejected so
far unfortunately. But maybe it's useful for you.

Martin

--
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
diff -Nur postgresql-8.2/build-tree/postgresql-8.2beta1/src/backend/libpq/be-secure.c
postgresql-8.2.new/build-tree/postgresql-8.2beta1/src/backend/libpq/be-secure.c
--- postgresql-8.2beta1/src/backend/libpq/be-secure.c    2006-09-04 16:57:27.000000000 +0200
+++ postgresql-8.2beta1/src/backend/libpq/be-secure.c    2006-09-25 19:24:13.000000000 +0200
@@ -751,13 +751,15 @@
          * directory permission check in postmaster.c)
          */
 #if !defined(WIN32) && !defined(__CYGWIN__)
-        if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
-            buf.st_uid != geteuid())
+        if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IWGRP | S_IRWXO)) ||
+            (buf.st_uid != geteuid()) && buf.st_uid != 0)
             ereport(FATAL,
                     (errcode(ERRCODE_CONFIG_FILE_ERROR),
                      errmsg("unsafe permissions on private key file \"%s\"",
                             SERVER_PRIVATE_KEY_FILE),
-                     errdetail("File must be owned by the database user and must have no permissions for \"group\" or
\"other\".")));
+                     errdetail("File must be owned by the \
+database user or root, must have no write permission for \"group\", and must \
+have no permissions for \"other\".")));
 #endif

         if (!SSL_CTX_use_PrivateKey_file(SSL_context,
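Review bot: the new mode mask `(buf.st_mode & (S_IWGRP | S_IRWXO))` relaxes the group-read restriction for every owner, not only for root, and leaves S_IXGRP unmasked, so a 0640 or 0650 key owned by the database user now passes where the old check rejected it, which is wider than the stated goal of a root-owned, group-readable shared key. Suggest testing the two owners separately: keep `S_IRWXG | S_IRWXO` as the forbidden bits when `buf.st_uid == geteuid()`, and forbid only `S_IWGRP | S_IXGRP | S_IRWXO` when `buf.st_uid == 0`, with the errdetail text adjusted to say "0600 if owned by the database user, 0640 if owned by root". Two smaller points: `(buf.st_uid != geteuid()) && buf.st_uid != 0` gets the intended grouping only because `&&` binds tighter than `||`, and the parentheses as written suggest otherwise; wrap the whole `&&` term in parentheses (gcc -Wparentheses warns about `&&` within `||` here). And the errdetail string is split with backslash line continuations inside the literal, which silently includes any indentation on the continued lines; adjacent string literals on separate lines avoid that.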
