Enhance security permissions

Ranier Vilela <ranier.vf@gmail.com>

From: Ranier Vilela <ranier.vf@gmail.com>
To: Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2025-11-04T12:20:53Z
Lists: pgsql-hackers

Attachments

Hi.

I noticed this while checking the source
(src/interfaces/libpq/fe-connect.c).
It seems that S_IRWXU permission is harmful too.

In accord with [1] and [2] this should also be checked.
Also, all other places in the source,  S_IRWXU are checked.

So, I propose adding this check to enhance the security.

Maybe the error messages, do they need improvement as well?

patchs attached.

best regards,
Ranier Vilela

[1]
https://docs.aws.amazon.com/codeguru/detector-library/cpp/loose-file-permissions/
[2] https://www.exploit-db.com/exploits/33145