On Thu, Feb 18, 2016 at 10:17:49AM -0500, Tom Lane wrote:
> Christoph Berg <m...@debian.org> writes:
> > Currently the server insists on ssl_key_file's permissions to be 0600
> > or less, and be owned by the database user. Debian has been patching
> > be-secure.c since forever (the git history goes back to 8.2beta1) to
> > relax that to 0640 or less, and owned by root or the database user.
> Debian can do that if they like, but it's entirely unacceptable as an
> across-the-board patch.  Not all systems treat groups as being narrow
> domains in which it's okay to assume that group-readable files are
> secure enough to be keys.  As an example, on OS X user files tend to be
> group "staff" or "admin" which'd be close enough to world readable.
> We could allow group-readable if we had some way to know whether to
> trust the specific group, but I don't think there's any practical
> way to do that.  System conventions vary too much.

Should we have a GUC to control the group permissions restriction?  I
can certainly see value in allowing for group access to the certificate.

  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription                             +

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to