Re: [exim] How to access pgsql client cert when running suid…

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] How to access pgsql client cert when running suid ?
On 24/05/2022 16:58, Axel Rau via Exim-users wrote:
>
>
>> On 24.05.2022 at 00:37, Jeremy Harris via Exim-users <exim-users@???> wrote:
>>
>> On 23/05/2022 20:38, Axel Rau via Exim-users wrote:
>>> After turning on setuid bit on exim binary, it could no longer access
>>> the DB (error=‚valid client cert required‘)


It looks like the pgsql client library is doing certs stuff all on its
own.

https://www.postgresql.org/docs/9.1/libpq-ssl.html says it'll
send ~/.postgresql/postgresql.crt - and that is obviously
going to be a problem for a client that is dancing around different
user identities.

https://www.postgresql.org/docs/9.5/libpq-envars.html
lists PGSSLCERT and PGSSLKEY which look plausible as a way of
telling it specifically where to look.
So you just need to run with those set up in exim's environment.
Have a look at the "add_environment" main config option.

--
Cheers,
Jeremy
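
An added example, not part of the message above or of Exim's own tooling: a shell helper that checks a client cert/key pair and prints the matching `add_environment` line for Exim's main configuration. The function name and any paths passed to it are assumptions; run it as the user Exim performs the lookup as.

```shell
#!/bin/sh
# Added example. exim_pgssl_env is a hypothetical helper name; the paths
# passed to it are whatever your site uses.
# Usage: exim_pgssl_env /path/to/client.crt /path/to/client.key

exim_pgssl_env() {
    cert=$1
    key=$2

    # A suid Exim switches user identities, so "~" and relative paths do not
    # resolve predictably. Insist on absolute paths.
    case "$cert" in /*) ;; *) echo "cert path must be absolute: $cert" >&2; return 1 ;; esac
    case "$key"  in /*) ;; *) echo "key path must be absolute: $key" >&2; return 1 ;; esac

    # add_environment is a colon-separated Exim list; a literal colon inside
    # a value would have to be doubled, so refuse it here.
    case "$cert$key" in
        *:*) echo "colon in path would need doubling in an Exim list" >&2; return 1 ;;
    esac

    # Both files must be readable by the user running this check.
    [ -r "$cert" ] || { echo "cert not readable: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "key not readable: $key" >&2; return 1; }

    # The libpq SSL docs linked above require that the private key file
    # disallow any group or world access. GNU stat first, BSD stat second.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key") || return 1
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "key mode $mode allows group/world access; use chmod 0600" >&2
        return 1
    fi

    # Line to paste into the main section of the Exim configuration.
    printf 'add_environment = PGSSLCERT=%s : PGSSLKEY=%s\n' "$cert" "$key"
}
```
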