Re: [BUGS] BUG #3809: SSL "unsafe" private key permissions bug

[Martin Pitt]

Hi,

Simon Arlott [2007-12-08 12:24 +0000]:
> Bug reference:      3809
> Logged by:          Simon Arlott
> Email address:      [EMAIL PROTECTED]
> PostgreSQL version: 8.2.4
> Operating system:   Linux 2.6.23
> Description:        SSL "unsafe" private key permissions bug
> Details: 
> 
> FATAL:  unsafe permissions on private key file "server.key"
> DETAIL:  File must be owned by the database user and must have no
> permissions for "group" or "other".
> 
> It should be possible to disable this check in the configuration, so those
> of us capable of deciding what's unsafe can do so.

For the same reason Debian/Ubuntu have modified this check ages ago,
to also allow for keys which are owned by root and readable by a
particular group. A lot of our users want to share a common SSL
cert/key between all servers, and the upstream check makes this
impossible. (Ubuntu sets up all server packages in a way that they all
share a common SSL key called "snakeoil" which is generated on system
installation. By merely replacing this with a real one, your box
becomes sanely configured without fiddling with any configuration
files.)

I already proposed this patch two times, but it has been rejected so
far unfortunately. But maybe it's useful for you.

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

diff -Nur postgresql-8.2/build-tree/postgresql-8.2beta1/src/backend/libpq/be-secure.c postgresql-8.2.new/build-tree/postgresql-8.2beta1/src/backend/libpq/be-secure.c
--- postgresql-8.2beta1/src/backend/libpq/be-secure.c	2006-09-04 16:57:27.000000000 +0200
+++ postgresql-8.2beta1/src/backend/libpq/be-secure.c	2006-09-25 19:24:13.000000000 +0200
@@ -751,13 +751,15 @@
 		 * directory permission check in postmaster.c)
 		 */
 #if !defined(WIN32) && !defined(__CYGWIN__)
-		if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
-			buf.st_uid != geteuid())
+		if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IWGRP | S_IRWXO)) ||
+			(buf.st_uid != geteuid()) && buf.st_uid != 0)
 			ereport(FATAL,
 					(errcode(ERRCODE_CONFIG_FILE_ERROR),
 					 errmsg("unsafe permissions on private key file \"%s\"",
 							SERVER_PRIVATE_KEY_FILE),
-					 errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));
+					 errdetail("File must be owned by the \
+database user or root, must have no write permission for \"group\", and must \
+have no permissions for \"other\".")));
 #endif
 
 		if (!SSL_CTX_use_PrivateKey_file(SSL_context,

signature.asc
Description: Digital signature