Collected from the PG bugs email list.
|Reported by||Georg Sauthoff|
Body of first available message related to this bug follows.
The following bug has been logged on the website: Bug reference: 15930 Logged by: Georg Sauthoff Email address: (redacted) PostgreSQL version: 11.4 Operating system: Linux Description: Under Linux, when supplying the password via PGPASSWORD to the psql command the password can be easily retrieved from the /proc/$pid/environ pseudo file (or indirectly with e.g. `ps ae`) - for the complete runtime of the psql process. Test case: # Terminal 1 $ PGPASSWORD='geheim' psql -h 127.0.0.1 --user juser -d juser # Terminal 2 $ < /proc/$psqlpid/environ tr '\0' '\n' | grep PGPASSWORD Expected output: PGPASSWORD=xxxxxx Actual output: PGPASSWORD=geheim See my gist for a minimal example that demonstrate how to redact the password on linux: https://gist.github.com/gsauthof/3efc1a7865fb70517ed741169b3bf11d Redacting the password can be seen as a defense-in-depth measure. It improves the security in use cases like this one: A batch job script starts some long running psql processes. To avoid having to enter the password several times, the script just asks once for the password and then supplies it to each psql process in the PGPASSWORD variable. Now the user forgets to lock his screen and leaves his desk. A novice attacker present in the same office could now easily look up the password in `/proc/$pid/environ` or - say - by executing `ps ae`.
|2019-07-27 15:16:55+00||PG Bug reporting form||BUG #15930: Redact PGPASSWORD environment variable in psql|
|2019-07-27 15:23:29+00||Tom Lane||Re: BUG #15930: Redact PGPASSWORD environment variable in psql|
|2019-07-29 18:37:39+00||Georg Sauthoff||Re: BUG #15930: Redact PGPASSWORD environment variable in psql|
|2019-07-30 02:29:43+00||Michael Paquier||Re: BUG #15930: Redact PGPASSWORD environment variable in psql|