Re: BUG #1963: SSL certificate permission check is too strict

Поиск
Список
Период
Сортировка
От Martin Pitt
Тема Re: BUG #1963: SSL certificate permission check is too strict
Дата
Msg-id 20051016094520.GC20451@box79162.elkhouse.de
обсуждение исходный текст
Ответ на Re: BUG #1963: SSL certificate permission check is too strict  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-bugs
Дерево обсуждения 
Hi Tom!

Tom Lane [2005-10-16  0:41 -0400]:
> Martin Pitt <mpitt@debian.org> writes:
> > At least the certificate could be permitted to be owned/in group root.
> > I cannot see how this should weaken the certificate's security.
>=20
> Postgres doesn't run as root, hence could not use such a certificate
> unless it was world-readable.

Please see my original mail. If you use ACLs, postgres can very well
be able to read the certificate.

The point was that a key's security is not weakened if it is owned by
root instead of "postgres" - to the contrary. So I don't see the point
of the check that actively prohibits a key being owned by root.

Martin

--=20
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: BUG #1963: SSL certificate permission check is too strict
Следующее
От: Klint Gore
Дата:
Сообщение: Re: BUG #1956: Plpgsql top-level DECLARE does not share scope