From: | Johannes Ziemke <fish(at)freigeist(dot)org> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #14543: libpq fails with group readable ssl keys |
Date: | 2017-02-14 10:51:56 |
Message-ID: | CANi=R=0vSdd8PXkbrO0sUExy222F4OdgB=kFo4+EoLfX2FzUUg@mail.gmail.com |
Lists: | pgsql-bugs |
Hi,
On Tue, Feb 14, 2017 at 1:01 AM, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
wrote:
> On Tue, Feb 14, 2017 at 3:43 AM, <postgres(at)freigeist(dot)org> wrote:
> > looks like libpq checks if a ssl key is group or world readable and
> > aborts if that's the case:
>
> This is not a bug.
>
Sorry, I haven't found a way to submit 'suggestions'.
> > # pg_basebackup -R -d 'postgres://replication(at)db-rw?sslmode=verify-ca&sslcert=/etc/ssl/private/default.pem&sslkey=/etc/ssl/private/default-key.pem&sslrootcert=/etc/ssl/ca-trusted.pem'
> > -D /var/lib/postgresql/9.5/main --xlog-method=stream
> > pg_basebackup: could not connect to server: private key file
> > "/etc/ssl/private/default-key.pem" has group or world access;
> > permissions should be u=rw (0600) or less
>
> This behavior comes from commit eb7afc14 of 2002.
>
> > While I agree this is reasonable to do if the key is world readable, it's
> > perfectly fine to make a SSL key group readable to share it with multiple
> > users on the same system.
>
> I don't disagree with that. Now it is hard to justify a change for a
> 14-year-old behavior as many users may rely on the current way things
> work as well.
>
I can't imagine how someone would rely on this behavior.
I don't care that much though, I just didn't want to rant about this feature
without reporting it like a good user :)
> > Ubuntu (and probably most other distributions) even creates a group for
> > exactly this scenario:
>
> Hard to assume. Fedora does not have such a patch:
> http://pkgs.fedoraproject.org/cgit/rpms/postgresql.git/tree/.
> Archlinux also shows none:
> https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/postgresql.
>
I didn't mean they patch it, I meant they create a group to share ssl keys
with multiple services. Just pointed that out to prove it's established
practice to have keys group-readable.