Commit 8407bb3
Remove useless setuid() call, instead add a check that real and effective
userids are the same. Per today's pghackers discussion.
1 parent 9ae6819 commit 8407bb3
3 files changed: +42 -22 lines changed

‎src/backend/main/main.c

Lines changed: 38 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
*
1414
*
1515
* IDENTIFICATION
16-
* $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.42 2001/03/22 03:59:30 momjian Exp $
16+
* $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.43 2001/04/21 18:29:29 tgl Exp $
1717
*
1818
*-------------------------------------------------------------------------
1919
*/
@@ -103,22 +103,46 @@ main(int argc, char *argv[])
103103
*/
104104

105105
/*
106-
* Make sure we are not running as root.
107-
*
108-
* BeOS currently runs everything as root :-(, so this check must be
109-
* temporarily disabled there...
106+
* Skip permission checks if we're just trying to do --help or --version;
107+
* otherwise root will get unhelpful failure messages from initdb.
110108
*/
111-
#ifndef__BEOS__
112109
if (!(argc>1
113-
&& (strcmp(argv[1],"--help")==0||strcmp(argv[1],"-?")==0
114-
||strcmp(argv[1],"--version")==0||strcmp(argv[1],"-V")==0))
115-
&& (geteuid()==0))
110+
&& (strcmp(argv[1],"--help")==0||
111+
strcmp(argv[1],"-?")==0||
112+
strcmp(argv[1],"--version")==0||
113+
strcmp(argv[1],"-V")==0)))
116114
{
117-
fprintf(stderr,"%s",NOROOTEXEC);
118-
exit(1);
119-
}
115+
/*
116+
* Make sure we are not running as root.
117+
*
118+
* BeOS currently runs everything as root :-(, so this check must be
119+
* temporarily disabled there...
120+
*/
121+
#ifndef__BEOS__
122+
if (geteuid()==0)
123+
{
124+
fprintf(stderr,"%s",NOROOTEXEC);
125+
exit(1);
126+
}
120127
#endif/* __BEOS__ */
121128

129+
/*
130+
* Also make sure that real and effective uids are the same.
131+
* Executing Postgres as a setuid program from a root shell is a
132+
* security hole, since on many platforms a nefarious subroutine could
133+
* setuid back to root if real uid is root. (Since nobody actually
134+
* uses Postgres as a setuid program, trying to actively fix this
135+
* situation seems more trouble than it's worth; we'll just expend the
136+
* effort to check for it.)
137+
*/
138+
if (getuid()!=geteuid())
139+
{
140+
fprintf(stderr,"%s: real and effective userids must match\n",
141+
argv[0]);
142+
exit(1);
143+
}
144+
}
145+
122146
/*
123147
* Set up locale information from environment, in only the categories
124148
* needed by Postgres; leave other categories set to default "C".
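
Review bot: The new `if (getuid()!=geteuid())` check compares user ids only, so a binary installed setgid (real and effective group ids differing) still passes it. If that case is deliberately out of scope, say so in the comment above the check; otherwise add the matching `getgid()!=getegid()` test. The error message would also be easier to act on if it printed both ids, as the `invalid current euid %d` message later in this file now does. Separately, both checks are skipped whenever `argv[1]` is `--help`, `-?`, `--version` or `-V`, which relies on those options exiting before any real work is done; a short remark in the new comment would make that assumption explicit.
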
@@ -162,7 +186,8 @@ main(int argc, char *argv[])
162186
pw=getpwuid(geteuid());
163187
if (pw==NULL)
164188
{
165-
fprintf(stderr,"%s: invalid current euid",argv[0]);
189+
fprintf(stderr,"%s: invalid current euid %d\n",
190+
argv[0], (int)geteuid());
166191
exit(1);
167192
}
168193
/* Allocate new memory because later getpwuid() calls can overwrite it */
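
Review bot: In the new `fprintf`, `(int)geteuid()` with `%d` prints a negative number for large uids on platforms where `uid_t` is an unsigned type. Casting to `unsigned long` and using `%lu` keeps the reported value matching what the administrator sees in the password file.
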

‎src/backend/utils/init/findbe.c

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.20 2001/01/24 19:43:15 momjian Exp $
10+
* $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.21 2001/04/21 18:29:29 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -93,9 +93,6 @@ ValidateBinary(char *path)
9393
/*
9494
* Ensure that the file is both executable and readable (required for
9595
* dynamic loading).
96-
*
97-
* We use the effective uid here because the backend will not have
98-
* executed setuid() by the time it calls this routine.
9996
*/
10097
euid=geteuid();
10198
if (euid==buf.st_uid)
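
Review bot: With the setuid() rationale removed, the comment above `euid=geteuid();` no longer says why the effective uid is the right one to compare against `buf.st_uid`. A one-line note that main() now refuses to start when real and effective uids differ would keep the reasoning next to the code that depends on it.
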

‎src/backend/utils/init/postinit.c

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.83 2001/03/22 06:16:18 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.84 2001/04/21 18:29:29 tgl Exp $
1212
*
1313
*
1414
*-------------------------------------------------------------------------
@@ -335,16 +335,14 @@ InitPostgres(const char *dbname, const char *username)
335335
LockDisable(true);
336336

337337
/*
338-
*Set ourselves to the properuser id and figure out our postgres
339-
*user id.
338+
*Figure out our postgresuser id. If bootstrapping, we can't
339+
*assume that pg_shadow exists yet, so fake it.
340340
*/
341341
if (bootstrap)
342342
SetSessionUserId(geteuid());
343343
else
344344
SetSessionUserIdFromUserName(username);
345345

346-
setuid(geteuid());
347-
348346
/*
349347
* Unless we are bootstrapping, double-check that InitMyDatabaseInfo()
350348
* got a correct result. We can't do this until all the
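
Review bot: With `setuid(geteuid());` dropped, InitPostgres no longer does anything about a real/effective uid mismatch itself and depends entirely on the startup check added in main.c, but the rewritten comment does not mention that dependency. Suggest adding a sentence pointing at the main() check, so a later change to that check is not made without considering this path, including the `bootstrap` branch that takes the session user from `geteuid()`.
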
