Re: [exim] How to access pgsql client cert when running suid…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeremy Harris
Date:  
À: exim-users
Sujet: Re: [exim] How to access pgsql client cert when running suid ?
On 24/05/2022 16:58, Axel Rau via Exim-users wrote:
>
>
>> Am 24.05.2022 um 00:37 schrieb Jeremy Harris via Exim-users <exim-users@???>:
>>
>> On 23/05/2022 20:38, Axel Rau via Exim-users wrote:
>>> After turning on setuid bit on exim binary, it could no longer access
>>> the DB (error=‚valid client cert required‘)


It looks like the pgsql client library is doing certs stuff all on its
own.

https://www.postgresql.org/docs/9.1/libpq-ssl.html says it'll
send ~/.postgresql/postgresql.crt - and that is obviously
going to be a problem for a client that is dancing around different
user identities.

https://www.postgresql.org/docs/9.5/libpq-envars.html
lists PGSSLCERT and PGSSLKEY which look plausible as a way of
telling it specifically where to look.
So you just need to run with those set up in exim's environment.
Have a look at the "add_environment" min config option.

--
Cheers,
Jeremy