PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID15930
PG Version11.4
Opened2019-07-27 15:16:55+00
Reported byGeorg Sauthoff

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      15930
Logged by:          Georg Sauthoff
Email address:      (redacted)
PostgreSQL version: 11.4
Operating system:   Linux

Under Linux, when supplying the password via PGPASSWORD to the psql command
the password can be easily retrieved from the /proc/$pid/environ pseudo file
(or indirectly with e.g. `ps ae`) - for the complete runtime of the psql

Test case:
# Terminal 1
$ PGPASSWORD='geheim' psql -h --user juser  -d juser

# Terminal 2
$ < /proc/$psqlpid/environ tr '\0' '\n' | grep PGPASSWORD

Expected output:

Actual output:

See my gist for a minimal example that demonstrate how to redact the
password on linux:

Redacting the password can be seen as a defense-in-depth measure.

It improves the security in use cases like this one:

A batch job script starts some long running psql processes. To avoid having
to enter the password several times, the script just asks once for the
password and then supplies it to each psql process in the PGPASSWORD
variable. Now the user forgets to lock his screen and leaves his desk. A
novice attacker present in the same office could now easily look up the
password in `/proc/$pid/environ` or - say - by executing `ps ae`.


2019-07-27 15:16:55+00PG Bug reporting formBUG #15930: Redact PGPASSWORD environment variable in psql
2019-07-27 15:23:29+00Tom LaneRe: BUG #15930: Redact PGPASSWORD environment variable in psql
2019-07-29 18:37:39+00Georg SauthoffRe: BUG #15930: Redact PGPASSWORD environment variable in psql
2019-07-30 02:29:43+00Michael PaquierRe: BUG #15930: Redact PGPASSWORD environment variable in psql