| From: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
|---|---|
| To: | Christoph Berg <myon(at)debian(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pgsql: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings |
| Date: | 2020-01-20 07:48:37 |
| Message-ID: | CAMsr+YH1+jG0+23RVzab+y9ZrE=ps3GXCqYEyY7hLDdnveLPjQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Thu, 9 Jan 2020 at 22:38, Christoph Berg <myon(at)debian(dot)org> wrote:
> Re: Robert Haas 2020-01-09 <CA+TgmoZEjyv_PD=2cinkbDA_chyLNAcBPL_9bKJQ6bc=
> nw+FHA(at)mail(dot)gmail(dot)com>
> > Does this mean that a non-superuser can induce postgres_fdw to read an
> > arbitrary file from the local filesystem?
>
> Yes, see my comments in the "Allow 'sslkey' and 'sslcert' in
> postgres_fdw user mappings" thread.
Ugh, I misread your comment.
You raise a sensible concern.
These options should be treated the same as the proposed option to allow
passwordless connections: disallow creation or alteration of FDW connection
strings that use them by non-superusers. So a superuser can define a user
mapping that uses these options, but normal users may not.
--
Craig Ringer http://www.2ndQuadrant.com/
2ndQuadrant - PostgreSQL Solutions for the Enterprise
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2020-01-20 08:41:50 | pgsql: Fix crash in BRIN inclusion op functions, due to missing datum c |
| Previous Message | Amit Kapila | 2020-01-20 02:33:34 | pgsql: Allow vacuum command to process indexes in parallel. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yugo NAGATA | 2020-01-20 07:57:58 | Re: Implementing Incremental View Maintenance |
| Previous Message | Masahiko Sawada | 2020-01-20 07:46:50 | Re: base backup client as auxiliary backend process |