aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq/be-secure-common.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/libpq/be-secure-common.c')
-rw-r--r--src/backend/libpq/be-secure-common.c28
1 files changed, 13 insertions, 15 deletions
diff --git a/src/backend/libpq/be-secure-common.c b/src/backend/libpq/be-secure-common.c
index 7e9a64d08e6..7a9de524db6 100644
--- a/src/backend/libpq/be-secure-common.c
+++ b/src/backend/libpq/be-secure-common.c
@@ -143,6 +143,7 @@ check_ssl_key_file_permissions(const char *ssl_key_file, bool isServerStart)
return false;
}
+ /* Key file must be a regular file */
if (!S_ISREG(buf.st_mode))
{
ereport(loglevel,
@@ -153,9 +154,19 @@ check_ssl_key_file_permissions(const char *ssl_key_file, bool isServerStart)
}
/*
- * Refuse to load key files owned by users other than us or root.
+ * Refuse to load key files owned by users other than us or root, and
+ * require no public access to the key file. If the file is owned by us,
+ * require mode 0600 or less. If owned by root, require 0640 or less to
+ * allow read access through either our gid or a supplementary gid that
+ * allows us to read system-wide certificates.
*
- * XXX surely we can check this on Windows somehow, too.
+ * Note that similar checks are performed in
+ * src/interfaces/libpq/fe-secure-openssl.c so any changes here may need
+ * to be made there as well.
+ *
+ * Ideally we would do similar permissions checks on Windows, but it is
+ * not clear how that would work since Unix-style permissions may not be
+ * available.
*/
#if !defined(WIN32) && !defined(__CYGWIN__)
if (buf.st_uid != geteuid() && buf.st_uid != 0)
@@ -166,20 +177,7 @@ check_ssl_key_file_permissions(const char *ssl_key_file, bool isServerStart)
ssl_key_file)));
return false;
}
-#endif
- /*
- * Require no public access to key file. If the file is owned by us,
- * require mode 0600 or less. If owned by root, require 0640 or less to
- * allow read access through our gid, or a supplementary gid that allows
- * to read system-wide certificates.
- *
- * XXX temporarily suppress check when on Windows, because there may not
- * be proper support for Unix-y file permissions. Need to think of a
- * reasonable check to apply on Windows. (See also the data directory
- * permission check in postmaster.c)
- */
-#if !defined(WIN32) && !defined(__CYGWIN__)
if ((buf.st_uid == geteuid() && buf.st_mode & (S_IRWXG | S_IRWXO)) ||
(buf.st_uid == 0 && buf.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)))
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-25 12:49:55 +0000