From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Abhishek Chanda <abhishek(dot)becs(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Adding support for SSLKEYLOGFILE in the frontend |
Date: | 2025-03-17 15:48:02 |
Message-ID: | CAOYmi+=5CM5N7nsHN8LQpXuZyhBB6SVMXA_VXFV74iOVAr4_iA@mail.gmail.com |
Lists: | pgsql-hackers |
On Sun, Mar 16, 2025 at 6:49 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> IIRC the reasoning has been that if a rogue user can inject an environment
> variable into your session and read your files it's probably game over anyways.

(Personally I'm no longer as convinced by this line of argument as I
once was...)

> > It's also possible that we should consider the SSLKEYLOGFILE environment variable some kind of quasi-standard like PAGER, and we should be using exactly that environment variable name like everyone else.
>
> If we would use the same as others, it would make it harder to do fine-grained
> debugging of a session

It also brings up the possibility of two (or more?) separate parts of
the client writing keys simultaneously to the same file through
separate file descriptors, which doesn't seem very fun.

--Jacob
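
Added example, not part of the message above or of the proposed patch: a small C demonstration of the shared-file concern, showing what two independent descriptors do to a key log with and without `O_APPEND`. The helper name `lines_after_two_writers`, the `/tmp` path and the sample key log lines are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample lines in the NSS key log layout (label, client random,
 * secret). The hex fields are placeholders; both lines have equal length. */
static const char LINE_A[] = "CLIENT_RANDOM aaaa 1111\n";
static const char LINE_B[] = "CLIENT_RANDOM bbbb 2222\n";

/* Hypothetical helper: open `path` through two independent descriptors, write
 * one line through each, and return the number of complete lines left in the
 * file (-1 on error). `extra_flags` is 0 or O_APPEND. */
int lines_after_two_writers(const char *path, int extra_flags)
{
    char buf[256];
    int lines = 0;

    unlink(path);
    /* 0600: the file holds session secrets, so owner-only. */
    int fd1 = open(path, O_WRONLY | O_CREAT | extra_flags, 0600);
    int fd2 = open(path, O_WRONLY | O_CREAT | extra_flags, 0600);
    if (fd1 < 0 || fd2 < 0)
        return -1;

    /* One write() per complete line, so a line is never emitted in pieces. */
    if (write(fd1, LINE_A, strlen(LINE_A)) < 0 ||
        write(fd2, LINE_B, strlen(LINE_B)) < 0)
        return -1;
    close(fd1);
    close(fd2);

    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    unlink(path);
    for (ssize_t i = 0; i < n; i++)
        lines += (buf[i] == '\n');
    return n < 0 ? -1 : lines;
}

int main(void)
{
    const char *p = "/tmp/keylog_demo.txt"; /* constructed path */
    printf("plain: %d line(s), O_APPEND: %d line(s)\n",
           lines_after_two_writers(p, 0), lines_after_two_writers(p, O_APPEND));
}
```

Without `O_APPEND` each descriptor keeps its own offset, so the second writer overwrites the first line; with it, every write lands at the current end of file and both lines survive.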