Re: Relaxing SSL key permission checks
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Relaxing SSL key permission checks |
| Дата | |
| Msg-id | 56EDCACE.8060801@gmx.net обсуждение исходный текст |
| Ответ на | Re: Relaxing SSL key permission checks (Christoph Berg <myon@debian.org>) |
| Список | pgsql-hackers |
Committed with the discussed adjustment and documentation update. On 3/18/16 2:26 PM, Christoph Berg wrote: > Re: Peter Eisentraut 2016-03-16 <56E8C221.1050206@gmx.net> >>>> * it failed to check for S_IXUSR, so permissions 0700 were okay, in >>>> contradiction with what the error message indicates. This is a >>>> preexisting bug actually. Do we want to fix it by preventing a >>>> user-executable file (possibly breaking compability with existing >>>> executable key files), or do we want to document what the restriction >>>> really is? >>> >>> I think we should not check for S_IXUSR. There is no reason for doing that. >>> >>> I can imagine that key files are sometimes copied around using USB >>> drives with FAT file systems or other means of that sort where >>> permissions can scrambled. While I hate gratuitous executable bits as >>> much as the next person, insisting here would just create annoyances in >>> practice. >> >> I'm happy with this patch except this minor point. Any final comments? > > I'm fine with that change. > > Do you want me to update the patch or do you already have a new > version, given it's marked as Ready for Committer? > > Christoph >
В списке pgsql-hackers по дате отправления: