Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3e7dfbd

Browse files
committed
Revert "Secure Unix-domain sockets of "make check" temporary clusters."
About half of the buildfarm members use too-long directory names,strongly suggesting that this approach is a dead end.
1 parent61017ea commit3e7dfbd

File tree

2 files changed

+22
-44
lines changed

2 files changed

+22
-44
lines changed

‎doc/src/sgml/regress.sgml

Lines changed: 15 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -58,14 +58,21 @@ gmake check
5858

5959
<warning>
6060
<para>
61-
On systems lacking Unix-domain sockets, notably Windows, this test method
62-
starts a temporary server configured to accept any connection originating
63-
on the local machine. Any local user can gain database superuser
64-
privileges when connecting to this server, and could in principle exploit
65-
all privileges of the operating-system user running the tests. Therefore,
66-
it is not recommended that you use <literal>gmake check</> on an affected
67-
system shared with untrusted users. Instead, run the tests after
68-
completing the installation, as described in the next section.
61+
This test method starts a temporary server, which is configured to accept
62+
any connection originating on the local machine. Any local user can gain
63+
database superuser privileges when connecting to this server, and could
64+
in principle exploit all privileges of the operating-system user running
65+
the tests. Therefore, it is not recommended that you use <literal>gmake
66+
check</> on machines shared with untrusted users. Instead, run the tests
67+
after completing the installation, as described in the next section.
68+
</para>
69+
70+
<para>
71+
On Unix-like machines, this danger can be avoided if the temporary
72+
server's socket file is made inaccessible to other users, for example
73+
by running the tests in a protected chroot. On Windows, the temporary
74+
server opens a locally-accessible TCP socket, so filesystem protections
75+
cannot help.
6976
</para>
7077
</warning>
7178

@@ -104,17 +111,6 @@ gmake MAX_CONNECTIONS=10 check
104111
</screen>
105112
runs no more than ten tests concurrently.
106113
</para>
107-
108-
<para>
109-
To protect your operating system user account, the test driver places the
110-
server's socket in a relative subdirectory inaccessible to other users.
111-
Since most systems constrain the length of socket paths well
112-
below <literal>_POSIX_PATH_MAX</>, testing may fail to start from a
113-
directory with a long name. Work around this problem by pointing
114-
the <envar>PG_REGRESS_SOCK_DIR</> environment variable to a substitute
115-
socket directory having a shorter path. On a multi-user system, give that
116-
directory mode <literal>0700</>.
117-
</para>
118114
</sect2>
119115

120116
<sect2>

‎src/test/regress/pg_regress.c

Lines changed: 7 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,6 @@ static const char *progname;
109109
staticchar*logfilename;
110110
staticFILE*logfile;
111111
staticchar*difffilename;
112-
staticchar*sockdir;
113112

114113
static_resultmap*resultmap=NULL;
115114

@@ -769,7 +768,8 @@ initialize_environment(void)
769768
* the wrong postmaster, or otherwise behave in nondefault ways. (Note
770769
* we also use psql's -X switch consistently, so that ~/.psqlrc files
771770
* won't mess things up.) Also, set PGPORT to the temp port, and set
772-
* PGHOST depending on whether we are using TCP or Unix sockets.
771+
* or unset PGHOST depending on whether we are using TCP or Unix
772+
* sockets.
773773
*/
774774
unsetenv("PGDATABASE");
775775
unsetenv("PGUSER");
@@ -781,24 +781,7 @@ initialize_environment(void)
781781
if (hostname!=NULL)
782782
doputenv("PGHOST",hostname);
783783
else
784-
{
785-
sockdir=getenv("PG_REGRESS_SOCK_DIR");
786-
if (!sockdir)
787-
{
788-
/*
789-
* Since initdb creates the data directory with secure
790-
* permissions, we place the socket there. This ensures no
791-
* other OS user can open our socket to exploit our use of
792-
* trust authentication. Compared to using the compiled-in
793-
* DEFAULT_PGSOCKET_DIR, this also permits testing to work in
794-
* builds that relocate it to a directory not writable to the
795-
* build/test user.
796-
*/
797-
sockdir=malloc(strlen(temp_install)+sizeof("/data"));
798-
sprintf(sockdir,"%s/data",temp_install);
799-
}
800-
doputenv("PGHOST",sockdir);
801-
}
784+
unsetenv("PGHOST");
802785
unsetenv("PGHOSTADDR");
803786
if (port!=-1)
804787
{
@@ -2270,11 +2253,10 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
22702253
*/
22712254
header(_("starting postmaster"));
22722255
snprintf(buf,sizeof(buf),
2273-
SYSTEMQUOTE"\"%s/postgres\" -D \"%s/data\" -F%s "
2274-
"-c \"listen_addresses=%s\" -k \"%s\" "
2275-
"> \"%s/log/postmaster.log\" 2>&1"SYSTEMQUOTE,
2276-
bindir,temp_install,debug ?" -d 5" :"",
2277-
hostname ?hostname :"",sockdir ?sockdir :"",
2256+
SYSTEMQUOTE"\"%s/postgres\" -D \"%s/data\" -F%s -c \"listen_addresses=%s\" > \"%s/log/postmaster.log\" 2>&1"SYSTEMQUOTE,
2257+
bindir,temp_install,
2258+
debug ?" -d 5" :"",
2259+
hostname ?hostname :"",
22782260
outputdir);
22792261
postmaster_pid=spawn_process(buf);
22802262
if (postmaster_pid==INVALID_PID)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp