pgsql: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
This allows different users to authenticate with different certificates.
Author: Craig Ringer
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/f5fd995a1a24e6571d26b1e29c4dc179112b1003
Modified Files
--------------
contrib/postgres_fdw/expected/postgres_fdw.out | 12 ++++++++++++
contrib/postgres_fdw/option.c | 9 +++++++++
contrib/postgres_fdw/sql/postgres_fdw.sql | 13 +++++++++++++
doc/src/sgml/postgres-fdw.sgml | 12 ++++++++++--
4 files changed, 44 insertions(+), 2 deletions(-)
On Thu, Jan 9, 2020 at 3:11 AM Andrew Dunstan <andrew@dunslane.net> wrote:
Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
This allows different users to authenticate with different certificates.
Author: Craig Ringer
https://git.postgresql.org/pg/commitdiff/f5fd995a1a24e6571d26b1e29c4dc179112b1003
Does this mean that a non-superuser can induce postgres_fdw to read an
arbitrary file from the local filesystem?
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Re: Robert Haas 2020-01-09 <CA+TgmoZEjyv_PD=2cinkbDA_chyLNAcBPL_9bKJQ6bc=nw+FHA@mail.gmail.com>
Does this mean that a non-superuser can induce postgres_fdw to read an
arbitrary file from the local filesystem?
Yes, see my comments in the "Allow 'sslkey' and 'sslcert' in
postgres_fdw user mappings" thread.
Christoph
On Thu, 9 Jan 2020 at 22:38, Christoph Berg <myon@debian.org> wrote:
Re: Robert Haas 2020-01-09 <CA+TgmoZEjyv_PD=2cinkbDA_chyLNAcBPL_9bKJQ6bc=
nw+FHA@mail.gmail.com>Does this mean that a non-superuser can induce postgres_fdw to read an
arbitrary file from the local filesystem?Yes, see my comments in the "Allow 'sslkey' and 'sslcert' in
postgres_fdw user mappings" thread.
Ugh, I misread your comment.
You raise a sensible concern.
These options should be treated the same as the proposed option to allow
passwordless connections: disallow creation or alteration of FDW connection
strings that use them by non-superusers. So a superuser can define a user
mapping that uses these options, but normal users may not.
--
Craig Ringer http://www.2ndQuadrant.com/
2ndQuadrant - PostgreSQL Solutions for the Enterprise
On 1/20/20 2:48 AM, Craig Ringer wrote:
On Thu, 9 Jan 2020 at 22:38, Christoph Berg <myon@debian.org
<mailto:myon@debian.org>> wrote:Re: Robert Haas 2020-01-09
<CA+TgmoZEjyv_PD=2cinkbDA_chyLNAcBPL_9bKJQ6bc=nw+FHA@mail.gmail.com
<mailto:nw%2BFHA@mail.gmail.com>>Does this mean that a non-superuser can induce postgres_fdw to
read an
arbitrary file from the local filesystem?
Yes, see my comments in the "Allow 'sslkey' and 'sslcert' in
postgres_fdw user mappings" thread.Ugh, I misread your comment.
You raise a sensible concern.
These options should be treated the same as the proposed option to
allow passwordless connections: disallow creation or alteration of FDW
connection strings that use them by non-superusers. So a superuser can
define a user mapping that uses these options, but normal users may not.
Already done.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services