[BUGS] BUG #14586: Permissions of recovery.conf are different in plain and tar-format - Mailing list pgsql-bugs

From markus@braeunig.biz
Subject [BUGS] BUG #14586: Permissions of recovery.conf are different in plain and tar-format
Date
Msg-id 20170310080045.1429.76929@wrigleys.postgresql.org
Responses Re: [BUGS] BUG #14586: Permissions of recovery.conf are different in plain and tar-format (Michael Paquier <michael.paquier@gmail.com>)
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      14586
Logged by:          Markus Bräunig
Email address:      markus@braeunig.biz
PostgreSQL version: 9.6.2
Operating system:   CentOS Linux release 7.3.1611
Description:

The option "--write-recovery-conf" of pg_basebackup creates a valid
recovery.conf but fails to apply secure file permissions when the default
format (plain) is used.

If you tar the result (-F t), the recovery.conf inside the base.tar has the
permissions 0600. 
In plain format the umask of the actual user is applied and the permissions
are e.g. 0644. 

Because plain passwords are possible in this file, I would suggest unifying
this behavior and changing the permissions to 0600 in both cases.

Regards
Markus
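
The difference the report describes, as an added example that is not part of the original message and is not pg_basebackup's own code: a file created without an explicit mode inherits the caller's umask, while one created with mode 0600 stays owner-only. The function names, the demo file name and the sample file content are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample; a real recovery.conf may carry a password like this. */
static const char SAMPLE[] =
    "standby_mode = 'on'\n"
    "primary_conninfo = 'host=primary.example user=repl password=EXAMPLE'\n";

/* Permission bits of path, or -1 if it cannot be stat'ed. */
int file_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* fopen() creates with 0666 & ~umask: 0644 under the common umask 022. */
int write_umask_default(const char *path) {
    unlink(path);
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    int ok = fputs(SAMPLE, f) != EOF;
    if (fclose(f) != 0 || !ok) return -1;
    return file_mode(path);
}

/* Explicit 0600 at creation, so the file is never readable by others.
   O_EXCL refuses an existing file or symlink; fchmod pins the exact mode. */
int write_owner_only(const char *path) {
    size_t len = sizeof SAMPLE - 1;
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    int ok = write(fd, SAMPLE, len) == (ssize_t)len
             && fchmod(fd, S_IRUSR | S_IWUSR) == 0;
    if (close(fd) != 0 || !ok) return -1;
    return file_mode(path);
}

int main(void) {
    umask(022); /* typical default for an interactive user */
    printf("umask default: %04o\n", write_umask_default("recovery.conf.demo"));
    printf("owner only:    %04o\n", write_owner_only("recovery.conf.demo"));
    return unlink("recovery.conf.demo");
}
```

Setting the mode in the creating `open()` call, rather than running `chmod` afterwards, avoids a window in which the file exists with wider permissions.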

