On Thu, Dec 04, 2014 at 02:42:41PM +0200, Heikki Linnakangas wrote: > On 10/06/2014 04:21 PM, Heikki Linnakangas wrote: > >This probably needs some further cleanup before it's ready for > >committing. One issues is that it creates a temporary cluster that > >listens for TCP connections on localhost, which isn't safe on a > >multi-user system. > > This issue remains. There isn't much we can do about it; SSL doesn't work > over Unix domain sockets. We could make it work, but that's a whole > different feature.
A large subset of the test suite could be made secure. Omit or lock down "trustdb", and skip affected tests. (Perhaps have an --unsafe-tests option to reactivate them.) Instead of distributing frozen keys, generate all keys on-demand. Ensure that key files have secure file modes from the start. Having said that, ... > How do people feel about including this test suite in the source tree? It's > probably not suitable for running as part of "make check-world", but it's > extremely handy if you're working on a patch related to SSL. I'd like to > commit this, even if it has some rough edges. That way we can improve it > later, rather than have it fall into oblivion. Any objections? ... +1 for having this suite in the tree, even if check-world ignores it. Echoing Tom's comment, the README should mention its security weakness. Thanks, nm -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
