Commit b8b6691

Patch that checks ownership and permissions on server static
private key. (You want it to be a regular file owned by the database process, with 0400 or 0600 permissions.)

Bear Giles

1 parent 8f44024 commit b8b6691

1 file changed: +15 -2 lines changed


src/backend/libpq/be-secure.c

Lines changed: 15 additions & 2 deletions
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.3 2002/06/14 04:33:53 momjian Exp $
14+
* $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.4 2002/06/14 04:35:02 momjian Exp $
1515
*
1616
* Since the server static private key ($DataDir/server.key)
1717
* will normally be stored unencrypted so that the database
@@ -59,7 +59,7 @@
5959
* [ ] use 'random' file, read from '/dev/urandom?'
6060
* [*] emphermal DH keys, default values
6161
* [*] periodic renegotiation
62-
* [] private key permissions
62+
* [*] private key permissions
6363
*
6464
* milestone 4: provide endpoint authentication (client)
6565
* [ ] server verifies client certificates
@@ -551,7 +551,20 @@ initialize_SSL (void)
551551
fnbuf,SSLerrmessage());
552552
ExitPostmaster(1);
553553
}
554+
554555
snprintf(fnbuf,sizeof(fnbuf),"%s/server.key",DataDir);
556+
if (lstat(fnbuf,&buf)==-1)
557+
{
558+
postmaster_error("failed to stat private key file (%s): %s",
559+
fnbuf,strerror(errno));
560+
ExitPostmaster(1);
561+
}
562+
if (!S_ISREG(buf.st_mode)|| (buf.st_mode&0077)||
563+
buf.st_uid!=getuid())
564+
{
565+
postmaster_error("bad permissions on private key file (%s)",fnbuf);
566+
ExitPostmaster(1);
567+
}
555568
if (!SSL_CTX_use_PrivateKey_file(SSL_context,fnbuf,SSL_FILETYPE_PEM))
556569
{
557570
postmaster_error("failed to load private key file (%s): %s",
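Review bot: the `lstat()` / `S_ISREG()` pair at lines 556-563 rejects a symlink that points at an otherwise acceptable key file, and the single message `"bad permissions on private key file (%s)"` then hides which of the three conditions failed (not a regular file or a symlink, group/other bits set, or owner different from the postmaster's real uid). Consider one message per condition, or one that states what is expected, along the lines of `"private key file (%s) must be a regular file owned by the server user with no group or world access"`, so an administrator who sees it at startup knows whether to chmod, chown, or replace a symlink with the file itself. Two smaller points: `(buf.st_mode & 0077)` admits 0700 as well as the 0400/0600 named in the commit message, which is harmless but worth saying in the comment block; and the sequence is stat-then-open, so `SSL_CTX_use_PrivateKey_file()` at line 568 still opens the path independently and can read a different file if the path is changed between the two calls. Opening the file once and validating the open descriptor with `fstat()` closes that window, at the cost of loading the PEM data from the descriptor rather than through the path-based helper. Finally, the `struct stat buf` declaration and the `<sys/stat.h>`, `<unistd.h>` and `<errno.h>` includes that `lstat`, `S_ISREG`, `getuid`, `errno` and `strerror` depend on are not part of this hunk; confirm they exist elsewhere in the file, since the hunk will not compile without them.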
