PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID15930
PG Version11.4
OSLinux
Opened2019-07-27 15:16:55+00
Reported byGeorg Sauthoff
StatusNew

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      15930
Logged by:          Georg Sauthoff
Email address:      (redacted)
PostgreSQL version: 11.4
Operating system:   Linux
Description:        

Under Linux, when supplying the password via PGPASSWORD to the psql command
the password can be easily retrieved from the /proc/$pid/environ pseudo file
(or indirectly with e.g. `ps ae`) - for the complete runtime of the psql
process.

Test case:
# Terminal 1
$ PGPASSWORD='geheim' psql -h 127.0.0.1 --user juser  -d juser

# Terminal 2
$ < /proc/$psqlpid/environ tr '\0' '\n' | grep PGPASSWORD

Expected output:
PGPASSWORD=xxxxxx

Actual output:
PGPASSWORD=geheim

See my gist for a minimal example that demonstrate how to redact the
password on linux:

https://gist.github.com/gsauthof/3efc1a7865fb70517ed741169b3bf11d

Redacting the password can be seen as a defense-in-depth measure.

It improves the security in use cases like this one:

A batch job script starts some long running psql processes. To avoid having
to enter the password several times, the script just asks once for the
password and then supplies it to each psql process in the PGPASSWORD
variable. Now the user forgets to lock his screen and leaves his desk. A
novice attacker present in the same office could now easily look up the
password in `/proc/$pid/environ` or - say - by executing `ps ae`.

Messages

DateAuthorSubject
2019-07-27 15:16:55+00PG Bug reporting formBUG #15930: Redact PGPASSWORD environment variable in psql
2019-07-27 15:23:29+00Tom LaneRe: BUG #15930: Redact PGPASSWORD environment variable in psql
2019-07-29 18:37:39+00Georg SauthoffRe: BUG #15930: Redact PGPASSWORD environment variable in psql
2019-07-30 02:29:43+00Michael PaquierRe: BUG #15930: Redact PGPASSWORD environment variable in psql