Patch that checks ownership and permissions on server static

private key. (You want it to be a regular file owned by the database process, with 0400 or 0600 permissions.) Bear Giles
2002-06-14 04:35:02 +00:00 · 2002-06-14 04:35:02 +00:00 · b8b6691e52
commit b8b6691e52
parent 8f44024639
1 changed files with 15 additions and 2 deletions
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.3 2002/06/14 04:33:53 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.4 2002/06/14 04:35:02 momjian Exp $
 *
 *	  Since the server static private key ($DataDir/server.key)
 *	  will normally be stored unencrypted so that the database
@ -59,7 +59,7 @@
 *	  [ ] use 'random' file, read from '/dev/urandom?'
 *	  [*] emphermal DH keys, default values
 *	  [*] periodic renegotiation
- *	  [ ] private key permissions
+ *	  [*] private key permissions
 *
 *	  milestone 4: provide endpoint authentication (client)
 *	  [ ] server verifies client certificates
@ -551,7 +551,20 @@ initialize_SSL (void)
 							 fnbuf, SSLerrmessage());
 			ExitPostmaster(1);
 		}
+
 		snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
+		if (lstat(fnbuf, &buf) == -1)
+		{
+			postmaster_error("failed to stat private key file (%s): %s",
+							 fnbuf, strerror(errno));
+			ExitPostmaster(1);
+		}
+		if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
+			buf.st_uid != getuid())
+		{
+			postmaster_error("bad permissions on private key file (%s)", fnbuf);
+			ExitPostmaster(1);
+		}
 		if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
 		{
 			postmaster_error("failed to load private key file (%s): %s",