Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exception when attempting to fetch SSL info #884

Open
bjones1 opened this issue Feb 9, 2022 · 1 comment
Open

Exception when attempting to fetch SSL info #884

bjones1 opened this issue Feb 9, 2022 · 1 comment

Comments

@bjones1
Copy link

bjones1 commented Feb 9, 2022
edited

Thanks for creating asyncpg! It's dramatically improved the performance of my open-source web application (Runestone Academy, a free interactive e-book).

To reproduce this bug, simply start asyncpg as a non-root user (one without permission to access /root).

  • asyncpg version: 0.25
  • PostgreSQL version: 12.7
  • Do you use a PostgreSQL SaaS? If so, which? Can you reproduce
    the issue with a local PostgreSQL install?    : I use AWS RDS; haven't tested locally
  • Python version: 3.9.1
  • Platform: Debian GNU/Linux 11 (bullseye)
  • Do you use pgbouncer?: No
  • Did you install asyncpg with pip?: Yes
  • If you built asyncpg locally, which version of Cython did you use?: N/A
  • Can the issue be reproduced under both asyncio and
    uvloop?    : I only use asyncio

I run asyncpg as a non-root user for improved security; this user lacks root access. During startup in asyncpg v. 0.25, I see the error like this:

  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connection.py", line 2085, in connect
    return await connect_utils._connect(
  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connect_utils.py", line 874, in _connect
  addrs, params, config = _parse_connect_arguments(timeout=timeout, **kwargs)
  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connect_utils.py", line 640, in _parse_connect_arguments
  addrs, params = _parse_connect_dsn_and_args(
  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connect_utils.py", line 543, in _parse_connect_dsn_and_args
    if not sslkey.exists():
  File "/usr/local/lib/python3.9/pathlib.py", line 1424, in exists
    self.stat()
  File "/usr/local/lib/python3.9/pathlib.py", line 1232, in stat
    return self._accessor.stat(self)
PermissionError: [Errno 13] Permission denied

In connect_utils.py line 543, asyncpg checks if a root-owned file exists. Unfortunately, a non-root user gets a permission denied exception instead of a False return value from exists(). It looks like wrapping this in a try/except would fix this bug. (It looks like a later exception needs PermissionError added to it.)

For me, reverting to asyncpg v. 0.24 causes my code to run without problems.
@hyeongguen-song
Copy link

Is there anything going on on this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjones1 @hyeongguen-song