
Re: pgpass file type restrictions

On Thu, Oct 19, 2017 at 08:22:18AM -0400, Andrew Dunstan wrote:
> 
> 
> On 10/19/2017 02:12 AM, Tom Lane wrote:
> > Desidero <desidero@xxxxxxxxx> writes:
> >> I’m running into problems with the restriction on pgpass file types. When
> >> attempting to use something like an anonymous pipe for a passfile, psql
> >> throws an error stating that it only accepts plain files.
> >> ...
> >> Does anyone know why it’s set up to avoid using things like anonymous pipes
> >> (or anything but "plain files")?
> > A bit of digging in the git history says that the check was added here:
> >
> >     commit 453d74b99c9ba6e5e75d214b0d7bec13553ded89
> >     Author: Bruce Momjian <bruce@xxxxxxxxxx>
> >     Date:   Fri Jun 10 03:02:30 2005 +0000
> >     
> >         Add the "PGPASSFILE" environment variable to specify to the password
> >         file.
> >         
> >         Andrew Dunstan
> >     
> > and poking around in the mailing list archives from that time finds
> > what seems to be the originating thread:
> >
> > https://www.postgresql.org/message-id/flat/4123BF8C.5000909%40pse-consulting.de
> >
> > There's no real discussion there of the check for plain-file-ness.
> > My first guess would have been that the idea was to guard against
> > symlink attacks; but then surely the stat call needed to have been
> > changed to lstat?  So I'm not quite sure of the reasoning.  Perhaps
> > Andrew remembers.
> 
> 
> 
> That was written 13 years ago. I'm afraid my memory isn't that good.

I am coming in late here, but the thread does say:

	https://www.postgresql.org/message-id/200506100302.j5A32aj12016%40candle.pha.pa.us
	
	Another new addition is that we now will check to see that the password
	file is a regular file and not a symlink or something.  This was part of
	your patch for PGPASSFILE but I extended it to ~/.pgpass too.

Seems the stat, and not lstat, usage is a bug.

-- 
  Bruce Momjian  <bruce@xxxxxxxxxx>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +
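The stat-versus-lstat point raised in this message, as an added example that is not part of the original thread and not PostgreSQL's code: `stat()` follows symbolic links, so an `S_ISREG` test on its result accepts a symlink that points at a regular file, while the same test after `lstat()` rejects it; a FIFO fails both. The helper names, the scratch paths and the sample passfile line are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* lstat, symlink, mkdtemp */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path passes the S_ISREG test, 0 if it does not, -1 on error.
 * follow_links=1 uses stat(); follow_links=0 uses lstat(). */
int is_plain_file(const char *path, int follow_links)
{
    struct stat sb;
    int rc = follow_links ? stat(path, &sb) : lstat(path, &sb);
    if (rc != 0)
        return -1;
    return S_ISREG(sb.st_mode) ? 1 : 0;
}

/* Creates a constructed scratch directory holding a regular file, a symlink
 * to it and a FIFO; stores the {stat, lstat} verdict for each in out[]. */
int run_demo(int out[6])
{
    char dir[] = "/tmp/passfile_demo_XXXXXX";
    char file[64], lnk[64], fifo[64];
    FILE *fp;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/pgpass", dir);
    snprintf(lnk, sizeof lnk, "%s/pgpass.link", dir);
    snprintf(fifo, sizeof fifo, "%s/pgpass.fifo", dir);
    if ((fp = fopen(file, "w")) == NULL)
        return -1;
    fputs("localhost:5432:db:user:constructed-secret\n", fp); /* constructed */
    fclose(fp);
    if (symlink(file, lnk) != 0 || mkfifo(fifo, 0600) != 0)
        return -1;
    out[0] = is_plain_file(file, 1); out[1] = is_plain_file(file, 0);
    out[2] = is_plain_file(lnk, 1);  out[3] = is_plain_file(lnk, 0);
    out[4] = is_plain_file(fifo, 1); out[5] = is_plain_file(fifo, 0);
    unlink(lnk); unlink(fifo); unlink(file); rmdir(dir);
    return 0;
}

int main(void)
{
    int r[6];
    if (run_demo(r) != 0) { perror("run_demo"); return 1; }
    printf("regular: stat=%d lstat=%d\n", r[0], r[1]);
    printf("symlink: stat=%d lstat=%d\n", r[2], r[3]);
    printf("fifo:    stat=%d lstat=%d\n", r[4], r[5]);
    return 0;
}
```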



