Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit6ef3254

Browse files
committed
Document risks of "make check" in the regression testing instructions.
Since the temporary server started by "make check" uses "trust"authentication, another user on the same machine could connect to itas database superuser, and then potentially exploit the privileges ofthe operating-system user who started the tests. We should changethe testing procedures to prevent this risk; but discussion is requiredabout the best way to do that, as well as more testing than is practicalfor an undisclosed security problem. Besides, the same issue probablyaffects some user-written test harnesses. So for the moment, we'll justwarn people against using "make check" when there are untrusted users onthe same machine.In passing, remove some ancient advice that suggested making theregression testing subtree world-writable if you'd built as root.That looks dangerously insecure in modern contexts, and anyway weshould not be encouraging people to build Postgres as root.Security:CVE-2014-0067
1 parent0182438 commit6ef3254

File tree

1 file changed

+22
-16
lines changed

1 file changed

+22
-16
lines changed

‎doc/src/sgml/regress.sgml

Lines changed: 22 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -56,25 +56,31 @@ make check
5656
<quote>failure</> represents a serious problem.
5757
</para>
5858

59+
<warning>
5960
<para>
60-
Because thistest methodruns a temporary server,it will not work
61-
when you aretheroot user (since the server will not start as root).
62-
If you already did the build as root, you do not have to start all
63-
over. Instead, make the regression test directory writable by
64-
some other user, log in asthatuser, and restart the tests.
65-
For example:
66-
<screen>
67-
<prompt>root# </prompt><userinput>chmod -R a+w src/test/regress</userinput>
68-
<prompt>root# </prompt><userinput>su - joeuser</userinput>
69-
<prompt>joeuser$ </prompt><userinput>cd <replaceable>top-level build directory</></userinput>
70-
<prompt>joeuser$ </prompt><userinput>make check</userinput>
71-
</screen>
72-
(The only possible <quote>security risk</quote> here is that other
73-
users might be able to alter the regression test results behind
74-
your back. Use common sense when managing user permissions.)
61+
Thistest methodstarts a temporary server,which is configured to accept
62+
any connection originating onthelocal machine. Any local user can gain
63+
database superuser privileges when connecting to this server, and could
64+
in principle exploit all privileges of the operating-system user running
65+
the tests. Therefore, it is not recommendedthatyou use <literal>make
66+
check</> on machines shared with untrusted users. Instead, run the tests
67+
after completing the installation, as described in the next section.
68+
</para>
69+
70+
<para>
71+
On Unix-like machines, this danger can be avoided if the temporary
72+
server's socket file is made inaccessible to other users, for example
73+
by running the tests in a protected chroot. On Windows, the temporary
74+
server opens a locally-accessible TCP socket, so filesystem protections
75+
cannot help.
7576
</para>
77+
</warning>
78+
7679
<para>
77-
Alternatively, run the tests after installation.
80+
Because this test method runs a temporary server, it will not work
81+
if you did the build as the root user, since the server will not start as
82+
root. Recommended procedure is not to do the build as root, or else to
83+
perform testing after completing the installation.
7884
</para>
7985

8086
<para>

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp