On Thu, Oct 19, 2017 at 08:22:18AM -0400, Andrew Dunstan wrote:
>
>
> On 10/19/2017 02:12 AM, Tom Lane wrote:
> > Desidero <desidero@gmail.com> writes:
> >> I’m running into problems with the restriction on pgpass file types. When
> >> attempting to use something like an anonymous pipe for a passfile, psql
> >> throws an error stating that it only accepts plain files.
> >> ...
> >> Does anyone know why it’s set up to avoid using things like anonymous pipes
> >> (or anything but "plain files")?
> > A bit of digging in the git history says that the check was added here:
> >
> > commit 453d74b99c9ba6e5e75d214b0d7bec13553ded89
> > Author: Bruce Momjian <bruce@momjian.us>
> > Date: Fri Jun 10 03:02:30 2005 +0000
> >
> > Add the "PGPASSFILE" environment variable to specify to the password
> > file.
> >
> > Andrew Dunstan
> >
> > and poking around in the mailing list archives from that time finds
> > what seems to be the originating thread:
> >
> > https://www.postgresql.org/message-id/flat/4123BF8C.5000909%40pse-consulting.de
> >
> > There's no real discussion there of the check for plain-file-ness.
> > My first guess would have been that the idea was to guard against
> > symlink attacks; but then surely the stat call needed to have been
> > changed to lstat? So I'm not quite sure of the reasoning. Perhaps
> > Andrew remembers.
>
>
>
> That was written 13 years ago. I'm afraid my memory isn't that good.
I am coming in late here, but the thread does say:
https://www.postgresql.org/message-id/200506100302.j5A32aj12016%40candle.pha.pa.us
Another new addition is that we now will check to see that the password
file is a regular file and not a symlink or something. This was part of
your patch for PGPASSFILE but I extended it to ~/.pgpass too.
Seems the stat, and not lstat, usage is a bug.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +