We need to restrict where we are allowed to create files with the file keyring provider

General

Escalation

General

Escalation

Description

We can right now wreck all kinds of havoc by creating keyring files withing the data directory. Not only can we append data to existing files but we can also write new files.

One possible solution is to add a GUC which limits where these files can be created.

Environment

None

Activity

Zsolt Parragi 5 days ago

Another good idea is to add a header file to new files, and verify that the header is there in the existing file before overwriting it..

Details
Assignee
Unassigned
Reporter
andreas.karlsson
Labels
good-first-issuepg_tde
Needs QA
Yes
Components
Fix versions
pg_tde GA (WAL Beta)
Priority
Critical

Smart Checklist

Created 5 days ago

Updated yesterday

We need to restrict where we are allowed to create files with the file keyring provider

Description

Environment

Activity

Zsolt Parragi 5 days ago

DetailsAssigneeUnassignedUnassignedReporterandreas.karlssonandreas.karlssonLabelsgood-first-issuepg_tdeNeeds QAYesComponentsFix versionspg_tde GA (WAL Beta)PriorityCritical

Details

Assignee

Reporter

Labels

Needs QA

Components

Fix versions

Priority

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
Unassigned
Reporter
andreas.karlsson
Labels
good-first-issuepg_tde
Needs QA
Yes
Components
Fix versions
pg_tde GA (WAL Beta)
Priority
Critical

Smart Checklist