Re: Allow root ownership of client certificate key

From: David Steele <david(at)pgmasters(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Allow root ownership of client certificate key
Date: 2022-02-16 18:57:15
Message-ID: b318aaa1-2338-1c65-0644-15b0be4c2aaa@pgmasters.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi Tom,

On 1/18/22 14:41, Tom Lane wrote:
> David Steele <david(at)pgmasters(dot)net> writes:
>> [ client-key-perm-002.patch ]
>
> I took a quick look at this and agree with the proposed behavior
> change, but also with your self-criticisms:
>
>> We may want to do the same on the server side to make the code blocks
>> look more similar.
>>
>> Also, on the server side the S_ISREG() check gets its own error and that
>> might be a good idea on the client side as well. As it is, the error
>> message on the client is going to be pretty confusing in this case.
>
> Particularly, I think the S_ISREG check should happen before any
> ownership/permissions checks; it just seems saner that way.

The two blocks of code now look pretty much identical except for error
handling and the reference to the other file. Also, the indentation for
the comment on the server side is less but I kept the comment formatting
the same to make it easier to copy the comment back and forth.

> The only other nitpick I have is that I'd make the cross-references be
> to the two file names, ie like "Note that similar checks are performed
> in fe-secure-openssl.c ..." References to the specific functions seem
> likely to bit-rot in the face of future code rearrangements.
> I suppose filename references could become obsolete too, but it
> seems less likely.

Updated these to reference the file instead of the function.

I still don't think we can commit the test for root ownership, but
testing it manually got a whole lot easier after the refactor in
c3b34a0f. Before that you had to hack up the source tree, which is a
pain depending on how it is mounted (I'm testing in a container).

So, to test the new functionality, just add this snippet on line 57 of
001_ssltests.pl:

chmod 0640, "$cert_tempdir/client.key"
or die "failed to change permissions on $cert_tempdir/client.key: $!";
system_or_bail("sudo chown root $cert_tempdir/client.key");

If you can think of a way to add this to the tests I'm all ears. Perhaps
we could add these lines commented out and explain what they are for?

Regards,
-David

Attachment Content-Type Size
client-key-perm-003.patch text/plain 4.3 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Geoghegan 2022-02-16 19:18:19 Re: do only critical work during single-user vacuum?
Previous Message Peter Geoghegan 2022-02-16 18:27:38 Re: do only critical work during single-user vacuum?