GNU bug report logs - #36191
[PATCH] gnu: postgres service: More secure default permissions.

Previous Next

Package: guix-patches;

Reported by: Robert Vollmert <rob <at> vllmrt.net>

Date: Thu, 13 Jun 2019 13:52:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#36191: closed ([PATCH] gnu: postgres service: More secure
 default permissions.)
Date: Tue, 02 Jul 2019 15:12:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 02 Jul 2019 17:11:38 +0200
with message-id <87imsk79p1.fsf <at> gnu.org>
and subject line Re: [bug#36191] [PATCH] gnu: postgres service: More secure default permissions.
has caused the debbugs.gnu.org bug report #36191,
regarding [PATCH] gnu: postgres service: More secure default permissions.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
36191: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=36191
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Robert Vollmert <rob <at> vllmrt.net>
To: guix-patches <at> gnu.org
Cc: Robert Vollmert <rob <at> vllmrt.net>
Subject: [PATCH] gnu: postgres service: More secure default permissions.
Date: Thu, 13 Jun 2019 15:50:37 +0200

This changes to 'peer' authentication for local socket connections,
and password-based authentication for local network connections.

* gnu/services/databases.scm (%default-postgres-hba): Change
authentication method.
---
 gnu/services/databases.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index 7113f1f2a1..ec31489d48 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017 Christopher Baines <mail <at> cbaines.net>
 ;;; Copyright © 2018 Clément Lassieur <clement <at> lassieur.org>
 ;;; Copyright © 2018 Julien Lepiller <julien <at> lepiller.eu>
+;;; Copyright © 2019 Robert Vollmert <rob <at> vllmrt.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -91,9 +92,9 @@
 (define %default-postgres-hba
   (plain-file "pg_hba.conf"
               "
-local	all	all			trust
-host	all	all	127.0.0.1/32 	trust
-host	all	all	::1/128 	trust"))
+local	all	all			peer
+host	all	all	127.0.0.1/32 	md5
+host	all	all	::1/128 	md5"))
 
 (define %default-postgres-ident
   (plain-file "pg_ident.conf"
-- 
2.20.1 (Apple Git-117)




[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Giovanni Biscuolo <g <at> xelera.eu>
Cc: 36191-done <at> debbugs.gnu.org, Robert Vollmert <rob <at> vllmrt.net>
Subject: Re: [bug#36191] [PATCH] gnu: postgres service: More secure default
 permissions.
Date: Tue, 02 Jul 2019 17:11:38 +0200

Hello,

Giovanni Biscuolo <g <at> xelera.eu> skribis:

> It's very reasonable to have such default auth methods for PostgresSQL:
> we should apply this patch

Christopher Baines <mail <at> cbaines.net> skribis:

> I'm definitely no authority on PostgreSQL authentication, but this
> sounds sensible to me.

Alright, applied, thanks for your feedback!

Ludo’.
This bug report was last modified 6 years and 20 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.