Re: Relaxing SSL key permission checks
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Relaxing SSL key permission checks |
| Дата | |
| Msg-id | 56C67A4D.9090709@gmx.net обсуждение исходный текст |
| Ответ на | Re: Relaxing SSL key permission checks (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On 2/18/16 10:17 AM, Tom Lane wrote: > Christoph Berg <myon@debian.org> writes: >> Currently the server insists on ssl_key_file's permissions to be 0600 >> or less, and be owned by the database user. Debian has been patching >> be-secure.c since forever (the git history goes back to 8.2beta1) to >> relax that to 0640 or less, and owned by root or the database user. > > Debian can do that if they like, but it's entirely unacceptable as an > across-the-board patch. Not all systems treat groups as being narrow > domains in which it's okay to assume that group-readable files are > secure enough to be keys. As an example, on OS X user files tend to be > group "staff" or "admin" which'd be close enough to world readable. > > We could allow group-readable if we had some way to know whether to > trust the specific group, but I don't think there's any practical > way to do that. System conventions vary too much. Wouldn't POSIX ACLs bypass this anyway?
В списке pgsql-hackers по дате отправления: