Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640
| От | Tom Lane |
|---|---|
| Тема | Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640 |
| Дата | |
| Msg-id | 335500.1653058186@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640 ("Suralkar, Yogendra (Yogendra)" <suralkary@avaya.com>) |
| Ответы |
Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640
|
| Список | pgsql-bugs |
"Suralkar, Yogendra (Yogendra)" <suralkary@avaya.com> writes:
> Recently we updated to PostgreSQL 13.7 (Please see list of rpms used below).
> After update we have noticed an issue when connecting to Database as 'root' user when private key file is owned by
rootand has permission 640.
TBH, my immediate reaction is "what are you doing running database
accesses as root?". But given that you are, I see the problem: the test
is coded like
if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
(buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
which was copied verbatim from the equivalent test in the backend.
However, in the backend it's safe to assume that geteuid() != 0.
libpq apparently shouldn't assume that, meaning that the two arms
of the if aren't disjoint cases anymore, and it matters which one
we check first.
The repeat call of geteuid() is a waste of cycles anyway, so maybe better
like
if (buf.st_uid != 0 ?
buf.st_mode & (S_IRWXG | S_IRWXO) :
buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO))
This feels kind of wrong, in that root's privacy check is now strictly
weaker than anyone else's, but root ought to know what she's doing anyway.
regards, tom lane
В списке pgsql-bugs по дате отправления: