From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
---|---|
To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Adding support for SSLKEYLOGFILE in the frontend |
Date: | 2025-03-20 13:11:12 |
Message-ID: | CAGECzQSQ_B+PG+9kqw-WkLFGkbz+p3pE1PAeMmLzA1GtDSAKZQ@mail.gmail.com |
Lists: | pgsql-hackers |
On Mon, 17 Mar 2025 at 16:48, Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Sun, Mar 16, 2025 at 6:49 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> > IIRC the reasoning has been that if a rogue user can inject an environment
> > variable into your session and read your files it's probably game over anyways.
>
> (Personally I'm no longer as convinced by this line of argument as I
> once was...)

I'm not saying there's no attack possible here (although I cannot
think of one), but we allow configuring every other SSL option using
an env var^1. So if there is an attack possible, why would that only
apply to being able to control the sslkeylogfile as opposed to e.g.
sslmode or sslrootcert?

^1 except for "sslpassword", which is weird because that seems exactly
like one of the options you might not want to store in a connection
string for security reasons.