Re: ssl passphrase callback - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: ssl passphrase callback
Date
Msg-id 20191114165309.GB6160@momjian.us
Whole thread Raw
In response to Re: ssl passphrase callback  (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>)
Responses Re: ssl passphrase callback
List pgsql-hackers
On Thu, Nov 14, 2019 at 11:34:24AM -0500, Andrew Dunstan wrote:
> 
> On 11/14/19 11:07 AM, Bruce Momjian wrote:
> > On Thu, Nov 14, 2019 at 11:42:05AM +0100, Magnus Hagander wrote:
> >> On Wed, Nov 13, 2019 at 9:23 PM Tomas Vondra <tomas.vondra@2ndquadrant.com>
> >>     I think it would be beneficial to explain why shared object is more
> >>     secure than an OS command. Perhaps it's common knowledge, but it's not
> >>     quite obvious to me.
> >>
> >>
> >> Yeah, that probably wouldn't hurt. It's also securely passing from more than
> >> one perspective -- both from the "cannot be eavesdropped" (like putting the
> >> password on the commandline for example) and the requirement for escaping.
> > I think a bigger issue is that if you want to give people the option of
> > using a shell command or a shared object, and if you use two commands to
> > control it, it isn't clear what happens if both are defined.  By using
> > some character prefix to control if a shared object is used, you can use
> > a single variable and there is no confusion over having two variables
> > and their conflicting behavior.
> >
> 
> 
> I'm  not sure how that would work in the present instance. The shared
> preloaded module installs a function and defines the params it wants. If
> we somehow unify the params with ssl_passphrase_command that could look
> icky, and the module would have to parse the settings string. That's not
> a problem for the sample module which only needs one param, but it will
> be for other more complex implementations.
> 
> I'm quite open to suggestions, but I want things to be tolerably clean.

I was assuming if the variable starts with a #, it is a shared object,
if not, it is a shell command:

    ssl_passphrase_command='#/lib/x.so'
    ssl_passphrase_command='my_command a b c'

Can you show what you are talking about?

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +



pgsql-hackers by date:

Previous
From: Tomas Vondra
Date:
Subject: Re: ssl passphrase callback
Next
From: Alvaro Herrera
Date:
Subject: Re: ssl passphrase callback