asyncpg icon indicating copy to clipboard operation
asyncpg copied to clipboard

Published 20 hours ago verified publisher icon MagicStack

Exception when attempting to fetch SSL info

Open bjones1 opened this issue 3 years ago • 1 comments

Thanks for creating asyncpg! It's dramatically improved the performance of my open-source web application (Runestone Academy, a free interactive e-book).

To reproduce this bug, simply start asyncpg as a non-root user (one without permission to access /root).

  • asyncpg version: 0.25
  • PostgreSQL version: 12.7
  • Do you use a PostgreSQL SaaS? If so, which? Can you reproduce the issue with a local PostgreSQL install?: I use AWS RDS; haven't tested locally
  • Python version: 3.9.1
  • Platform: Debian GNU/Linux 11 (bullseye)
  • Do you use pgbouncer?: No
  • Did you install asyncpg with pip?: Yes
  • If you built asyncpg locally, which version of Cython did you use?: N/A
  • Can the issue be reproduced under both asyncio and uvloop?: I only use asyncio

I run asyncpg as a non-root user for improved security; this user lacks root access. During startup in asyncpg v. 0.25, I see the error like this:

  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connection.py", line 2085, in connect
    return await connect_utils._connect(
  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connect_utils.py", line 874, in _connect
  addrs, params, config = _parse_connect_arguments(timeout=timeout, **kwargs)
  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connect_utils.py", line 640, in _parse_connect_arguments
  addrs, params = _parse_connect_dsn_and_args(
  File "/srv/web2py/applications/runestone/.venv/lib/python3.9/site-packages/asyncpg/connect_utils.py", line 543, in _parse_connect_dsn_and_args
    if not sslkey.exists():
  File "/usr/local/lib/python3.9/pathlib.py", line 1424, in exists
    self.stat()
  File "/usr/local/lib/python3.9/pathlib.py", line 1232, in stat
    return self._accessor.stat(self)
PermissionError: [Errno 13] Permission denied

In connect_utils.py line 543, asyncpg checks if a root-owned file exists. Unfortunately, a non-root user gets a permission denied exception instead of a False return value from exists(). It looks like wrapping this in a try/except would fix this bug. (It looks like a later exception needs PermissionError added to it.)

For me, reverting to asyncpg v. 0.24 causes my code to run without problems.

bjones1 avatar Feb 09 '22 00:02 bjones1

Is there anything going on on this issue?

hyeongguen-song avatar Dec 26 '22 09:12 hyeongguen-song