Hi.

I noticed this while checking the source (src/interfaces/libpq/fe-connect.c). It seems that S_IRWXU permission is harmful too.
In accord with [1] and [2], this should also be checked. Also, in all other places in the source, S_IRWXU is checked.

So, I propose adding this check to enhance the security. Maybe the error messages need improvement as well?

Patches attached.

Best regards,
Ranier Vilela

[1] https://docs.aws.amazon.com/codeguru/detector-library/cpp/loose-file-permissions/
[2] https://www.exploit-db.com/exploits/33145
enhance-security-file-permissions-be-secure-common.patch
Description: Binary data
enhance-security-file-permissions-fe-connect.patch
Description: Binary data
enhance-security-file-permissions-fe-secure-openssl.patch
Description: Binary data
enhance-security-file-permissions-pg_backup_tar.patch
Description: Binary data
