Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commita8365a2

Browse files
committed
Revert "Secure Unix-domain sockets of "make check" temporary clusters."
About half of the buildfarm members use too-long directory names,strongly suggesting that this approach is a dead end.
1 parent8cade31 commita8365a2

File tree

2 files changed

+22
-44
lines changed

2 files changed

+22
-44
lines changed

‎doc/src/sgml/regress.sgml

Lines changed: 15 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -57,14 +57,21 @@ gmake check
5757

5858
<warning>
5959
<para>
60-
On systems lacking Unix-domain sockets, notably Windows, this test method
61-
starts a temporary server configured to accept any connection originating
62-
on the local machine. Any local user can gain database superuser
63-
privileges when connecting to this server, and could in principle exploit
64-
all privileges of the operating-system user running the tests. Therefore,
65-
it is not recommended that you use <literal>gmake check</> on an affected
66-
system shared with untrusted users. Instead, run the tests after
67-
completing the installation, as described in the next section.
60+
This test method starts a temporary server, which is configured to accept
61+
any connection originating on the local machine. Any local user can gain
62+
database superuser privileges when connecting to this server, and could
63+
in principle exploit all privileges of the operating-system user running
64+
the tests. Therefore, it is not recommended that you use <literal>gmake
65+
check</> on machines shared with untrusted users. Instead, run the tests
66+
after completing the installation, as described in the next section.
67+
</para>
68+
69+
<para>
70+
On Unix-like machines, this danger can be avoided if the temporary
71+
server's socket file is made inaccessible to other users, for example
72+
by running the tests in a protected chroot. On Windows, the temporary
73+
server opens a locally-accessible TCP socket, so filesystem protections
74+
cannot help.
6875
</para>
6976
</warning>
7077

@@ -104,17 +111,6 @@ gmake MAX_CONNECTIONS=10 check
104111
runs no more than ten tests concurrently.
105112
</para>
106113

107-
<para>
108-
To protect your operating system user account, the test driver places the
109-
server's socket in a relative subdirectory inaccessible to other users.
110-
Since most systems constrain the length of socket paths well
111-
below <literal>_POSIX_PATH_MAX</>, testing may fail to start from a
112-
directory with a long name. Work around this problem by pointing
113-
the <envar>PG_REGRESS_SOCK_DIR</> environment variable to a substitute
114-
socket directory having a shorter path. On a multi-user system, give that
115-
directory mode <literal>0700</>.
116-
</para>
117-
118114
<para>
119115
To run the tests after installation<![%standalone-ignore;[ (see <xref linkend="installation">)]]>,
120116
initialize a data area and start the

‎src/test/regress/pg_regress.c

Lines changed: 7 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,6 @@ static const char *progname;
106106
staticchar*logfilename;
107107
staticFILE*logfile;
108108
staticchar*difffilename;
109-
staticchar*sockdir;
110109

111110
static_resultmap*resultmap=NULL;
112111

@@ -764,7 +763,8 @@ initialize_environment(void)
764763
* the wrong postmaster, or otherwise behave in nondefault ways. (Note
765764
* we also use psql's -X switch consistently, so that ~/.psqlrc files
766765
* won't mess things up.) Also, set PGPORT to the temp port, and set
767-
* PGHOST depending on whether we are using TCP or Unix sockets.
766+
* or unset PGHOST depending on whether we are using TCP or Unix
767+
* sockets.
768768
*/
769769
unsetenv("PGDATABASE");
770770
unsetenv("PGUSER");
@@ -776,24 +776,7 @@ initialize_environment(void)
776776
if (hostname!=NULL)
777777
doputenv("PGHOST",hostname);
778778
else
779-
{
780-
sockdir=getenv("PG_REGRESS_SOCK_DIR");
781-
if (!sockdir)
782-
{
783-
/*
784-
* Since initdb creates the data directory with secure
785-
* permissions, we place the socket there. This ensures no
786-
* other OS user can open our socket to exploit our use of
787-
* trust authentication. Compared to using the compiled-in
788-
* DEFAULT_PGSOCKET_DIR, this also permits testing to work in
789-
* builds that relocate it to a directory not writable to the
790-
* build/test user.
791-
*/
792-
sockdir=malloc(strlen(temp_install)+sizeof("/data"));
793-
sprintf(sockdir,"%s/data",temp_install);
794-
}
795-
doputenv("PGHOST",sockdir);
796-
}
779+
unsetenv("PGHOST");
797780
unsetenv("PGHOSTADDR");
798781
if (port!=-1)
799782
{
@@ -2220,11 +2203,10 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
22202203
*/
22212204
header(_("starting postmaster"));
22222205
snprintf(buf,sizeof(buf),
2223-
SYSTEMQUOTE"\"%s/postgres\" -D \"%s/data\" -F%s "
2224-
"-c \"listen_addresses=%s\" -k \"%s\" "
2225-
"> \"%s/log/postmaster.log\" 2>&1"SYSTEMQUOTE,
2226-
bindir,temp_install,debug ?" -d 5" :"",
2227-
hostname ?hostname :"",sockdir ?sockdir :"",
2206+
SYSTEMQUOTE"\"%s/postgres\" -D \"%s/data\" -F%s -c \"listen_addresses=%s\" > \"%s/log/postmaster.log\" 2>&1"SYSTEMQUOTE,
2207+
bindir,temp_install,
2208+
debug ?" -d 5" :"",
2209+
hostname ?hostname :"",
22282210
outputdir);
22292211
postmaster_pid=spawn_process(buf);
22302212
if (postmaster_pid==INVALID_PID)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp