Commit0fba3be

committed
Simplify validate_exec() by using access(2) to check file permissions,
rather than trying to implement the equivalent logic by hand. The motivation for the original coding appears to have been to check with the effective uid's permissions not the real uid's; but there is no longer any difference, because we don't run the postmaster setuid (indeed, main.c enforces that they're the same). Using access() means we will get it right in situations the original coding failed to handle, such as ACL-based permissions. Besides it's a lot shorter, cleaner, and more thread-safe. Per bug #5275 from James Bellinger.
1 parent715120e commit0fba3be


1 file changed

+8
-78
lines changed

1 file changed

+8
-78
lines changed

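--- a/src/port/exec.c
+++ b/src/port/exec.c
@@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/port/exec.c,v 1.66 2010/01/02 16:58:13 momjian Exp $
+* $PostgreSQL: pgsql/src/port/exec.c,v 1.67 2010/01/14 00:14:06 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -20,25 +20,11 @@
 #include"postgres_fe.h"
 #endif
 
-#include<grp.h>
-#include<pwd.h>
 #include<signal.h>
 #include<sys/stat.h>
 #include<sys/wait.h>
 #include<unistd.h>
 
-#ifndefS_IRUSR/* XXX [TRH] should be in a header */
-#defineS_IRUSR S_IREAD
-#defineS_IWUSR S_IWRITE
-#defineS_IXUSR S_IEXEC
-#defineS_IRGRP ((S_IRUSR)>>3)
-#defineS_IWGRP ((S_IWUSR)>>3)
-#defineS_IXGRP ((S_IXUSR)>>3)
-#defineS_IROTH ((S_IRUSR)>>6)
-#defineS_IWOTH ((S_IWUSR)>>6)
-#defineS_IXOTH ((S_IXUSR)>>6)
-#endif
-
 #ifndefFRONTEND
 /* We use only 3-parameter elog calls in this file, for simplicity */
 /* NOTE: caller must provide gettext call around str! */
@@ -70,20 +56,12 @@ static int
 validate_exec(constchar*path)
 {
 structstatbuf;
-
-#ifndefWIN32
-uid_teuid;
-structgroup*gp;
-structpasswd*pwp;
-inti;
-intin_grp=0;
-#else
-charpath_exe[MAXPGPATH+sizeof(".exe")-1];
-#endif
 intis_r;
 intis_x;
 
 #ifdefWIN32
+charpath_exe[MAXPGPATH+sizeof(".exe")-1];
+
 /* Win32 requires a .exe suffix for stat() */
 if (strlen(path) >=strlen(".exe")&&
 pg_strcasecmp(path+strlen(path)-strlen(".exe"),".exe")!=0)
@@ -106,62 +84,18 @@ validate_exec(const char *path)
 if (!S_ISREG(buf.st_mode))
 return-1;
 
-/*
-* Ensure that we are using an authorized executable.
-*/
-
 /*
 * Ensure that the file is both executable and readable (required for
 * dynamic loading).
 */
-#ifdefWIN32
+#ifndefWIN32
+is_r= (access(path,R_OK)==0);
+is_x= (access(path,X_OK)==0);
+#else
 is_r=buf.st_mode&S_IRUSR;
 is_x=buf.st_mode&S_IXUSR;
-returnis_x ? (is_r ?0 :-2) :-1;
-#else
-euid=geteuid();
-
-/* If owned by us, just check owner bits */
-if (euid==buf.st_uid)
-{
-is_r=buf.st_mode&S_IRUSR;
-is_x=buf.st_mode&S_IXUSR;
-returnis_x ? (is_r ?0 :-2) :-1;
-}
-
-/* OK, check group bits */
-
-pwp=getpwuid(euid);/* not thread-safe */
-if (pwp)
-{
-if (pwp->pw_gid==buf.st_gid)/* my primary group? */
-++in_grp;
-elseif (pwp->pw_name&&
-(gp=getgrgid(buf.st_gid))!=NULL&&/* not thread-safe */
-gp->gr_mem!=NULL)
-{/* try list of member groups */
-for (i=0;gp->gr_mem[i];++i)
-{
-if (!strcmp(gp->gr_mem[i],pwp->pw_name))
-{
-++in_grp;
-break;
-}
-}
-}
-if (in_grp)
-{
-is_r=buf.st_mode&S_IRGRP;
-is_x=buf.st_mode&S_IXGRP;
-returnis_x ? (is_r ?0 :-2) :-1;
-}
-}
-
-/* Check "other" bits */
-is_r=buf.st_mode&S_IROTH;
-is_x=buf.st_mode&S_IXOTH;
-returnis_x ? (is_r ?0 :-2) :-1;
 #endif
+returnis_x ? (is_r ?0 :-2) :-1;
 }
 
 
@@ -178,10 +112,6 @@ validate_exec(const char *path)
 * path because we will later change working directory. Finally, we want
 * a true path not a symlink location, so that we can locate other files
 * that are part of our installation relative to the executable.
-*
-* This function is not thread-safe because it calls validate_exec(),
-* which calls getgrgid().This function should be used only in
-* non-threaded binaries, not in library routines.
 */
 int
 find_my_exec(constchar*argv0,char*retpath)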
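Review bot: The two `access()` calls added in the `#ifndef WIN32` branch of validate_exec() test permissions against the real uid/gid, and the assumption that this equals the effective ids is not recorded anywhere in the code. The commit message rests it on a check in main.c, which presumably covers only the backend, while this file also builds with FRONTEND (see the `#ifndef FRONTEND` block above), so a frontend program reaching validate_exec() through find_my_exec() has no such guarantee visible here. I would state the assumption next to the calls, e.g. `/* access() checks the real uid/gid; assumes the program is not running setuid/setgid */`. The result is also only a point-in-time answer, since the file's mode can change before the later exec, so it is worth keeping the function comment clear that callers must still handle exec failure. validate_exec()'s body starts and continues outside the hunks shown.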
