pgsql: postgres_fdw: improve security checks
3+ messages / 2 participants

* pgsql: postgres_fdw: improve security checks
From: Peter Eisentraut @ 2025-03-24 15:01 UTC
To: [email protected]

postgres_fdw: improve security checks

SCRAM pass-through should not bypass the FDW security check as it was implemented for postgres_fdw in commit 761c79508e7.

This commit improves the security check by adding new SCRAM pass-through checks to ensure that the required SCRAM connection options are not overwritten by the user mapping or foreign server options. This is meant to match the security requirements for a password-using connection.

Since libpq has no SCRAM-specific equivalent of PQconnectionUsedPassword(), we enforce this instead by making the use_scram_passthrough option of postgres_fdw imply require_auth=scram-sha-256. This means that if use_scram_passthrough is set, some situations that might otherwise have worked are preempted, for example GSSAPI with delegated credentials. This could be enhanced in the future if there is desire for more flexibility.

Reported-by: Jacob Champion <[email protected]>
Author: Matheus Alcantara <[email protected]>
Co-authored-by: Jacob Champion <[email protected]>
Reviewed-by: Jacob Champion <[email protected]>
Discussion: https://www.postgresql.org/message-id/flat/CAFY6G8ercA1KES%3DE_0__R9QCTR805TTyYr1No8qF8ZxmMg8z2Q%40m...

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/76563f88cfbd91696e7ebe568dead648f2d229ff

Modified Files
--------------
contrib/postgres_fdw/connection.c        | 102 ++++++++++++++++++++++++++-----
contrib/postgres_fdw/t/001_auth_scram.pl |  41 +++++++++++++
doc/src/sgml/postgres-fdw.sgml           |  11 +---
3 files changed, 132 insertions(+), 22 deletions(-)

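Added illustration, not part of the thread and not the postgres_fdw source: a stand-alone C sketch of the kind of check the commit message above describes, applied to the final keyword/value arrays that would be handed to libpq. Assumptions: the function name is hypothetical, the pass-through keys are carried in the libpq parameters scram_client_key and scram_server_key (not named in the message), and repeated keywords resolve as in PQconnectdbParams(), where the last value is retained.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Hypothetical helper: true only if the effective options still carry both
 * SCRAM keys and pin authentication to SCRAM. The loop never exits early,
 * because a later duplicate keyword replaces an earlier one.
 */
static bool
scram_passthrough_options_ok(const char *const *keywords,
                             const char *const *values)
{
    bool have_client_key = false;
    bool have_server_key = false;
    bool auth_pinned = false;

    for (size_t i = 0; keywords[i] != NULL; i++)
    {
        const char *v = values[i];
        bool nonempty = (v != NULL && v[0] != '\0');

        if (strcmp(keywords[i], "scram_client_key") == 0)
            have_client_key = nonempty;
        else if (strcmp(keywords[i], "scram_server_key") == 0)
            have_server_key = nonempty;
        else if (strcmp(keywords[i], "require_auth") == 0)
            /* Exact match only: a list such as "scram-sha-256,password" fails. */
            auth_pinned = (v != NULL && strcmp(v, "scram-sha-256") == 0);
    }
    return have_client_key && have_server_key && auth_pinned;
}

/* Constructed sample inputs; the key values are placeholders, not real keys. */
static const char *const ok_kw[] = {"host", "require_auth", "scram_client_key", "scram_server_key", NULL};
static const char *const ok_val[] = {"remote.example", "scram-sha-256", "CLIENT_KEY_PLACEHOLDER", "SERVER_KEY_PLACEHOLDER", NULL};

/* Same options, but a later require_auth entry replaces the pinned value. */
static const char *const bad_kw[] = {"require_auth", "scram_client_key", "scram_server_key", "require_auth", NULL};
static const char *const bad_val[] = {"scram-sha-256", "CLIENT_KEY_PLACEHOLDER", "SERVER_KEY_PLACEHOLDER", "none", NULL};

int main(void)
{
    /* Exit status 0: the intact set passes and the overridden set is rejected. */
    return (scram_passthrough_options_ok(ok_kw, ok_val) &&
            !scram_passthrough_options_ok(bad_kw, bad_val)) ? 0 : 1;
}
```
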
* Re: pgsql: postgres_fdw: improve security checks
From: Tom Lane @ 2025-03-26 00:59 UTC
To: Peter Eisentraut <[email protected]>; +Cc: [email protected]

Peter Eisentraut <[email protected]> writes:
> postgres_fdw: improve security checks

This patch is failing on "drongo" [1]. It looks like the problem is that the pg_hba.conf file being used doesn't allow for TCP loopback connections.

To make that safe, the test would have to be changed to not run by default. We could gate it with a PG_TEST_EXTRA check ... but the end result would likely be that it gets run by just about nobody. I wonder whether it's worth the trouble.

regards, tom lane

[1] https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=drongo&dt=2025-03-25%2002%3A11%3A12

* Re: pgsql: postgres_fdw: improve security checks
From: Peter Eisentraut @ 2025-03-26 11:15 UTC
To: Tom Lane <[email protected]>; +Cc: [email protected]

On 26.03.25 01:59, Tom Lane wrote:
> Peter Eisentraut <[email protected]> writes:
>> postgres_fdw: improve security checks
>
> This patch is failing on "drongo" [1]. It looks like the problem
> is that the pg_hba.conf file being used doesn't allow for TCP
> loopback connections.
>
> To make that safe, the test would have to be changed to not run by
> default. We could gate it with a PG_TEST_EXTRA check ... but the
> end result would likely be that it gets run by just about nobody.
> I wonder whether it's worth the trouble.

This has been fixed.