"Suralkar, Yogendra (Yogendra)" <suralkary@avaya.com> writes:
> Recently we updated to PostgreSQL 13.7 (Please see list of rpms used below).
> After update we have noticed an issue when connecting to Database as 'root' user when private key file is owned by
rootand has permission 640.
TBH, my immediate reaction is "what are you doing running database
accesses as root?". But given that you are, I see the problem: the test
is coded like
if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
(buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
which was copied verbatim from the equivalent test in the backend.
However, in the backend it's safe to assume that geteuid() != 0.
libpq apparently shouldn't assume that, meaning that the two arms
of the if aren't disjoint cases anymore, and it matters which one
we check first.
The repeat call of geteuid() is a waste of cycles anyway, so maybe better
like
if (buf.st_uid != 0 ?
buf.st_mode & (S_IRWXG | S_IRWXO) :
buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO))
This feels kind of wrong, in that root's privacy check is now strictly
weaker than anyone else's, but root ought to know what she's doing anyway.
regards, tom lane
