From 40f2eec503237b34854c2249a4b6182c4f4800e2 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 29 Aug 2002 23:06:32 +0000 Subject: [PATCH] > > > > If you want to put in security restrictions that are actually useful, > > > > where is the code to verify that PGPASSWORDFILE points at a > > > > non-world-readable file? That needs to be there now, not later, or > > > > we'll have people moaning about backward compatibility when we finally > > > > do plug that hole. Alvaro Herrera --- src/interfaces/libpq/fe-connect.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 3272de9be5..b4667cfa43 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.198 2002/08/29 07:22:29 ishii Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.199 2002/08/29 23:06:32 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -16,10 +16,12 @@ #include "postgres_fe.h" #include +#include #include #include #include #include +#include #include "libpq-fe.h" #include "libpq-int.h" @@ -2904,6 +2906,7 @@ PasswordFromFile(char *hostname, char *port, char *dbname, FILE *fp; #define LINELEN NAMEDATALEN*5 char buf[LINELEN]; + struct stat stat_buf; if (pwdfile == NULL || strcmp(pwdfile, "") == 0) return NULL; @@ -2920,6 +2923,19 @@ PasswordFromFile(char *hostname, char *port, char *dbname, if (port == NULL) port = DEF_PGPORT_STR; + /* If password file cannot be opened, ignore it. */ + if (stat(pwdfile, &stat_buf) == -1) + return NULL; + + /* If password file is insecure, alert the user and ignore it. */ + if (stat_buf.st_mode & (S_IRWXG | S_IRWXO)) + { + fprintf(stderr, + libpq_gettext("WARNING: Password file %s has world or group read access; permission should be u=rw (0600)"), + pwdfile); + return NULL; + } + fp = fopen(pwdfile, "r"); if (fp == NULL) return NULL;