| From: | "Moon, Insung" <tsukiwamoon(dot)pgsql(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Exposure related to GUC value of ssl_passphrase_command |
| Date: | 2019-11-05 08:14:41 |
| Message-ID: | CAEMmqBuHVGayc+QkYKgx3gWSdqwTAQGw+0DYn3WhcX-eNa2ntA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Deal Hackers.
The value of ssl_passphrase_command is set so that an external command
is called when the passphrase for decrypting an SSL file such as a
private key is obtained.
Therefore, easily set to work with echo "passphrase" or call to
another get of passphrase application.
I think that this GUC value doesn't contain very sensitive data,
but just in case, it's dangerous to be visible to all users.
I think do not possible these cases, but if a used echo external
commands or another external command, know what application used to
get the password, maybe we can't be convinced that there's the safety
of using abuse by backtracking on applications.
So I think to the need only superusers or users with the default role
of pg_read_all_settings should see these values.
Patch is very simple.
How do you think about my thoughts like this?
Best regards.
Moon.
| Attachment | Content-Type | Size |
|---|---|---|
| Change-show-authority-of-ssl_passphrase_command.diff | application/octet-stream | 458 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Moon, Insung | 2019-11-05 08:21:14 | Re: Wrong value in metapage of GIN INDEX. |
| Previous Message | Kyotaro Horiguchi | 2019-11-05 07:41:00 | Re: [proposal] recovery_target "latest" |