Patch that checks ownership and permissions on server static

bmomjian · bmomjian · commit b8b6691e5262 · 2002-06-14T04:35:02.000Z
private key.  (You want it to be a regular file owned by the
database process, with 0400 or 0600 permissions.)

Bear Giles
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.3 2002/06/14 04:33:53 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.4 2002/06/14 04:35:02 momjian Exp $
  *
  *	  Since the server static private key ($DataDir/server.key)
  *	  will normally be stored unencrypted so that the database
@@ -59,7 +59,7 @@
  *	  [ ] use 'random' file, read from '/dev/urandom?'
  *	  [*] emphermal DH keys, default values
  *	  [*] periodic renegotiation
- *	  [ ] private key permissions
+ *	  [*] private key permissions
  *
  *	  milestone 4: provide endpoint authentication (client)
  *	  [ ] server verifies client certificates
@@ -551,7 +551,20 @@ initialize_SSL (void)
 							 fnbuf, SSLerrmessage());
 			ExitPostmaster(1);
 		}
+
 		snprintf(fnbuf, sizeof(fnbuf), "%s/server.key", DataDir);
+		if (lstat(fnbuf, &buf) == -1)
+		{
+			postmaster_error("failed to stat private key file (%s): %s",
+							 fnbuf, strerror(errno));
+			ExitPostmaster(1);
+		}
+		if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0077) ||
+			buf.st_uid != getuid())
+		{
+			postmaster_error("bad permissions on private key file (%s)", fnbuf);
+			ExitPostmaster(1);
+		}
 		if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
 		{
 			postmaster_error("failed to load private key file (%s): %s",
