On 3/25/20 7:44 PM, Tom Lane wrote:
> I wrote:
>> Concretely, I see that contrib/sslinfo has
>> SHLIB_LINK += $(filter -lssl -lcrypto -lssleay32 -leay32, $(LIBS))
> I verified that that fixes things on macOS and pushed it, along with
> a couple other minor fixes.


> However, I'm quite desperately unhappy that the new test module
> does this:
> $node->append_conf('postgresql.conf', "listen_addresses = 'localhost'");
> That's opening a security hole.  Note that we do *not* run src/test/ssl
> by default, and it has a README warning people not to run it on multiuser
> systems.  It seems 100% unacceptable for this test to fire up a similarly
> insecure server without so much as a by-your-leave.
> I don't actually see why we need the localhost port at all --- it doesn't
> look like this test ever attempts to connect to the server.  So couldn't
> we just drop that?

Seems reasonable. I just tested that and it seems quite happy, so I'll
make the change.



Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Reply via email to