Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1n9vHy-0004eL-Py for pgsql-hackers@arkaria.postgresql.org; Tue, 18 Jan 2022 20:41:10 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1n9vHx-0000dg-Ko for pgsql-hackers@arkaria.postgresql.org; Tue, 18 Jan 2022 20:41:09 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1n9vHx-0000dX-Bh for pgsql-hackers@lists.postgresql.org; Tue, 18 Jan 2022 20:41:09 +0000 Received: from sss.pgh.pa.us ([66.207.139.130]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1n9vHs-0001hX-Vo for pgsql-hackers@lists.postgresql.org; Tue, 18 Jan 2022 20:41:09 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 20IKf2IE377059; Tue, 18 Jan 2022 15:41:02 -0500 From: Tom Lane To: David Steele cc: Stephen Frost , PostgreSQL Developers Subject: Re: Allow root ownership of client certificate key In-reply-to: <716ece6d-7500-8665-05f0-488e75c5525d@pgmasters.net> References: <20211108190405.GL20998@tamriel.snowman.net> <716ece6d-7500-8665-05f0-488e75c5525d@pgmasters.net> Comments: In-reply-to David Steele message dated "Mon, 08 Nov 2021 17:36:39 -0500" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <377057.1642538462.1@sss.pgh.pa.us> Date: Tue, 18 Jan 2022 15:41:02 -0500 Message-ID: <377058.1642538462@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk David Steele writes: > [ client-key-perm-002.patch ] I took a quick look at this and agree with the proposed behavior change, but also with your self-criticisms: > We may want to do the same on the server side to make the code blocks > look more similar. > > Also, on the server side the S_ISREG() check gets its own error and that > might be a good idea on the client side as well. As it is, the error > message on the client is going to be pretty confusing in this case. Particularly, I think the S_ISREG check should happen before any ownership/permissions checks; it just seems saner that way. The only other nitpick I have is that I'd make the cross-references be to the two file names, ie like "Note that similar checks are performed in fe-secure-openssl.c ..." References to the specific functions seem likely to bit-rot in the face of future code rearrangements. I suppose filename references could become obsolete too, but it seems less likely. regards, tom lane