Re: [HACKERS] BUG #10680 - ldapbindpasswd leaks to postgresql log
On Wed, Jun 18, 2014 at 4:50 AM, Tom Lane t...@sss.pgh.pa.us wrote: Steven Siebert smsi...@gmail.com writes: Attached is a proposed patch for BUG #10680. It's a simple fix to the problem of the ldapbindpasswd leaking in clear text to the postgresql log. The patch simply removes the raw pg_hba.conf line from the log message, but retains the log line number to assist admins in troubleshooting. You haven't exactly explained why this is a problem. The proposed patch would impede diagnosing of many other problems, so it's not going to get committed without a thoroughly compelling rationale. Yes, properly logging that was intentional, in commit 7f49a67f954db3e92fd96963169fb8302959576e. Hint: I don't store my postmaster log securely is not compelling. We've been over that ground before; there are far too many reasons why access to the postmaster log is a potential security hazard to justify concluding that this particular one is worse. Yeah, and the password is already in cleartext in a file next to it. If we actually feel the need to get rid of it, we should do a better job. Such as actively blanking it out with something else. Since we know the password (we parsed it out), it shouldn't be impossible to actually blank out *just the password*, without ruining all the other diagnostics usage of it. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
[HACKERS] BUG #10680 - ldapbindpasswd leaks to postgresql log
Hello, Attached is a proposed patch for BUG #10680. It's a simple fix to the problem of the ldapbindpasswd leaking in clear text to the postgresql log. The patch simply removes the raw pg_hba.conf line from the log message, but retains the log line number to assist admins in troubleshooting. The patch is against the master branch and compiles/tests green. Please let me know if there is anything I can do to get this worked into the next (or perhaps current?) commit fest. This is a critical issue for us to meet government accreditation (security) requirements. Thanks, Steve bug_10680_v1.patch Description: Binary data -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] BUG #10680 - ldapbindpasswd leaks to postgresql log
Steven Siebert smsi...@gmail.com writes: Attached is a proposed patch for BUG #10680. It's a simple fix to the problem of the ldapbindpasswd leaking in clear text to the postgresql log. The patch simply removes the raw pg_hba.conf line from the log message, but retains the log line number to assist admins in troubleshooting. You haven't exactly explained why this is a problem. The proposed patch would impede diagnosing of many other problems, so it's not going to get committed without a thoroughly compelling rationale. Hint: I don't store my postmaster log securely is not compelling. We've been over that ground before; there are far too many reasons why access to the postmaster log is a potential security hazard to justify concluding that this particular one is worse. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers