Hi Antonio!

Antonio Kanouras [2005-11-28 19:22 +0200]:
> Hi, I tried to change /etc/postgresql-common/postgresql.pem's
> permissions to:
> 
> -rw-r-----  1 root postgres 887 2005-11-28 18:12 postgresql.pem
> 
> which seems safer to me (a successful attacker won't be able to change
> the key file), and after trying to start the server:

Right, that makes sense. I'll change -common to do this by default.

> estia:0:~# invoke-rc.d postgresql-8.0 start
> Starting PostgreSQL 8.0 database server: mainThe PostgreSQL server
> failed to start. Please check the log output:
> FATAL:  unsafe permissions on private key file
> "/var/lib/postgresql/8.0/main/server.key"
> DETAIL:  File must be owned by the database user and must have no
> permissions for "group" or "other".

This was fixed a while ago in

postgresql-8.0 (8.0.3-16) unstable; urgency=medium

  [...]
  * Add debian/patches/07-relax-sslkey-permscheck.patch:
    - Relax security check on private SSL key file: The file is also
      considered safe if it has owner and/or group "root", and if it is
      group-readable (unless the group is something other than root or the
      database owner group).
    - Closes: #327901
  [...]

and likewise in 7.4 and 8.1 as well.

> -rw-------  1 root root 887 2005-11-28 18:12 postgresql.pem
> 
> and PostgreSQL should open the file as root and then setuid to
> postgresql.

This will not happen. PostgreSQL does run as normal user 'postgres'
(by default) right from the start and never has root privileges. This
ensures rock solid privilege separation. This is the way upstream
intends to run PostgreSQL and I completely agree with it.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
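As an added illustration (not code from this thread, from the Debian package or from its patch): a pre-start shell check that applies the relaxed key-file rule quoted above, under the assumed reading that "group-readable" means at most r-- for the group and no access at all for others.

```shell
#!/bin/sh
# Assumed interpretation of the relaxed Debian rule (not the patch itself):
#   - the file must be owned by the database user or by root
#   - "other" must have no permission bits at all
#   - "group" may at most have read access, and only if the group is
#     root or the database owner group

# key_perms_ok OWNER GROUP OCTAL_MODE DBUSER DBGROUP
# Returns 0 if the combination is acceptable, 1 otherwise, printing why.
key_perms_ok() {
    owner=$1; group=$2; mode=$3; dbuser=$4; dbgroup=$5
    # keep only the nine permission bits (drop setuid/setgid/sticky)
    perm=$(( 0$mode & 0777 ))
    other=$(( perm & 07 ))
    grp=$(( (perm >> 3) & 07 ))

    if [ "$owner" != "$dbuser" ] && [ "$owner" != "root" ]; then
        echo "reject: owner '$owner' is neither $dbuser nor root"; return 1
    fi
    if [ "$other" -ne 0 ]; then
        echo "reject: accessible by 'other' (bits=$other)"; return 1
    fi
    if [ "$grp" -ne 0 ]; then
        if [ "$grp" -ne 4 ]; then
            echo "reject: group has more than read access (bits=$grp)"; return 1
        fi
        if [ "$group" != "root" ] && [ "$group" != "$dbgroup" ]; then
            echo "reject: readable by unrelated group '$group'"; return 1
        fi
    fi
    echo "ok: $owner:$group mode $mode"
    return 0
}

# check_key_file PATH DBUSER DBGROUP: read owner, group and mode via GNU stat
# and run the check above, e.g. before invoke-rc.d starts the server.
check_key_file() {
    file=$1; dbuser=$2; dbgroup=$3
    info=$(stat -c '%U %G %a' "$file") || return 1
    set -- $info
    key_perms_ok "$1" "$2" "$3" "$dbuser" "$dbgroup"
}
```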
