Re: Relaxing SSL key permission checks - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Relaxing SSL key permission checks
Date
Msg-id 56E8C221.1050206@gmx.net
Whole thread Raw
In response to Re: Relaxing SSL key permission checks  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: Relaxing SSL key permission checks
Re: Relaxing SSL key permission checks
List pgsql-hackers
On 3/10/16 9:20 PM, Peter Eisentraut wrote:
> On 3/4/16 3:55 PM, Alvaro Herrera wrote:
>> * it failed to check for S_IXUSR, so permissions 0700 were okay, in
>> contradiction with what the error message indicates.  This is a
>> preexisting bug actually.  Do we want to fix it by preventing a
>> user-executable file (possibly breaking compability with existing
>> executable key files), or do we want to document what the restriction
>> really is?
> 
> I think we should not check for S_IXUSR.  There is no reason for doing that.
> 
> I can imagine that key files are sometimes copied around using USB
> drives with FAT file systems or other means of that sort where
> permissions can scrambled.  While I hate gratuitous executable bits as
> much as the next person, insisting here would just create annoyances in
> practice.

I'm happy with this patch except this minor point.  Any final comments?




pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: IF (NOT) EXISTS in psql-completion
Next
From: Tatsuo Ishii
Date:
Subject: Re: multivariate statistics v14