Re: [BUGS] BUG #14543: libpq fails with group readable ssl keys - Mailing list pgsql-bugs

From Tom Lane
Subject Re: [BUGS] BUG #14543: libpq fails with group readable ssl keys
Date
Msg-id 5436.1488236853@sss.pgh.pa.us
In response to Re: [BUGS] BUG #14543: libpq fails with group readable ssl keys  (Bruce Momjian <bruce@momjian.us>)
Responses Re: [BUGS] BUG #14543: libpq fails with group readable ssl keys  (Magnus Hagander <magnus@hagander.net>)
List pgsql-bugs
Bruce Momjian <bruce@momjian.us> writes:
> We changed Postgres 9.6 to allow open group permissions on the
> _server_'s SSL key if it was owned by root:
>     Allow the server's <acronym>SSL</> key file to have group read
>     access if it is owned by <literal>root</> (Christoph Berg)
> Is this something we should change on the client?  I don't see why not,
> but the 'root' requirement would still remain.

I'm pretty suspicious of doing this on the client side.  It doesn't seem
as useful, and it would open up a bunch of issues concerning e.g. what
cert authentication actually is authenticating.

            regards, tom lane
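
The two permission rules under discussion in this message, side by side, as an added example (not PostgreSQL or libpq source code): a strict check that rejects any group or other permission bit, and a relaxed check that tolerates group read only on a root-owned key. The function names, the exact masks and the uid values are assumptions made for the illustration.

```c
/* Added illustration; not PostgreSQL or libpq source code. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Strict rule (assumed): no group or other permission bits at all. */
bool perms_ok_strict(mode_t perms)
{
    return (perms & (S_IRWXG | S_IRWXO)) == 0;
}

/* Relaxed rule from the quoted 9.6 note: group read is tolerated only
 * when root owns the file. Keeping the strict rule for a key owned by
 * the calling user, and rejecting any other owner, are assumptions. */
bool perms_ok_root_group(uid_t owner, uid_t caller, mode_t perms)
{
    if (owner == caller)
        return perms_ok_strict(perms);
    if (owner == 0)
        return (perms & (S_IWGRP | S_IXGRP | S_IRWXO)) == 0;
    return false;
}

/* Apply both rules to a file on disk: 0 on success, -1 if the path
 * cannot be stat()ed or is not a regular file. */
int check_key_file(const char *path, uid_t caller, bool *strict, bool *relaxed)
{
    struct stat st;

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    *strict = perms_ok_strict(st.st_mode & 07777);
    *relaxed = perms_ok_root_group(st.st_uid, caller, st.st_mode & 07777);
    return 0;
}

int main(void)
{
    /* Constructed cases: owner uid and permission bits; caller uid is 1000. */
    struct { uid_t owner; mode_t perms; } c[] = {
        {1000, 0600}, {1000, 0640}, {0, 0640}, {0, 0660}, {0, 0644}, {1001, 0600},
    };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("owner=%u mode=%04o strict=%d relaxed=%d\n",
               (unsigned) c[i].owner, (unsigned) c[i].perms,
               perms_ok_strict(c[i].perms),
               perms_ok_root_group(c[i].owner, 1000, c[i].perms));
    return 0;
}
```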

