Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commitd8ba3df

Browse files
committed
Change backend-side COPY to write files with permissions 644 not 666
(whoever thought world-writable files were a good default????). Modifythe pg_pwd code so that pg_pwd is created with 600 permissions. Modifyinitdb so that permissions on a pre-existing PGDATA directory are notblindly accepted: if the dir is already there, it does chmod go-rwxto be sure that the permissions are OK and the dir actually is ownedby postgres.
1 parent76ccf73 commitd8ba3df

File tree

5 files changed

+49
-23
lines changed

5 files changed

+49
-23
lines changed

‎src/backend/commands/copy.c

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
*
77
*
88
* IDENTIFICATION
9-
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.89 1999/09/27 20:00:44 momjian Exp $
9+
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.90 1999/11/21 04:16:17 tgl Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
@@ -214,12 +214,12 @@ CopyDonePeek(FILE *fp, int c, int pickup)
214214

215215

216216
/*
217-
* DoCopy executesathe SQL COPY statement.
217+
* DoCopy executes the SQL COPY statement.
218218
*/
219219

220220
void
221221
DoCopy(char*relname,boolbinary,booloids,boolfrom,boolpipe,
222-
char*filename,char*delim)
222+
char*filename,char*delim,intfileumask)
223223
{
224224
/*----------------------------------------------------------------------------
225225
Either unload or reload contents of class <relname>, depending on <from>.
@@ -234,6 +234,11 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
234234
235235
If in the text format, delimit columns with delimiter <delim>.
236236
237+
<fileumask> is the umask(2) setting to use while creating an output file.
238+
This should usually be more liberal than the backend's normal 077 umask,
239+
but not always (in particular, "pg_pwd" should be written with 077!).
240+
Up through version 6.5, <fileumask> was always 000, which was foolhardy.
241+
237242
When loading in the text format from an input stream (as opposed to
238243
a file), recognize a "." on a line by itself as EOF.Also recognize
239244
a stream EOF. When unloading in the text format to an output stream,
@@ -316,7 +321,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
316321
{
317322
mode_toumask;/* Pre-existing umask value */
318323

319-
oumask=umask((mode_t)0);
324+
oumask=umask((mode_t)fileumask);
320325
#ifndef__CYGWIN32__
321326
fp=AllocateFile(filename,"w");
322327
#else

‎src/backend/commands/user.c

Lines changed: 22 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
*
66
* Copyright (c) 1994, Regents of the University of California
77
*
8-
* $Id: user.c,v 1.35 1999/09/2716:44:50 momjian Exp $
8+
* $Id: user.c,v 1.36 1999/11/21 04:16:16 tgl Exp $
99
*
1010
*-------------------------------------------------------------------------
1111
*/
@@ -20,6 +20,7 @@
2020
#include"catalog/catname.h"
2121
#include"catalog/pg_database.h"
2222
#include"catalog/pg_shadow.h"
23+
#include"commands/copy.h"
2324
#include"commands/user.h"
2425
#include"libpq/crypt.h"
2526
#include"miscadmin.h"
@@ -43,7 +44,7 @@ static void CheckPgUserAclNotNull(void);
4344
*---------------------------------------------------------------------
4445
*/
4546
staticvoid
46-
UpdatePgPwdFile(char*sql,CommandDestdest)
47+
UpdatePgPwdFile(void)
4748
{
4849
char*filename,
4950
*tempname;
@@ -60,16 +61,22 @@ UpdatePgPwdFile(char *sql, CommandDest dest)
6061
snprintf(tempname,bufsize,"%s.%d",filename,MyProcPid);
6162

6263
/*
63-
* Copy the contents of pg_shadow to the pg_pwd ASCII file using a the
64-
* SEPCHAR character as the delimiter between fields. Then rename the
65-
* file to its final name.
64+
* Copy the contents of pg_shadow to the pg_pwd ASCII file using the
65+
* SEPCHAR character as the delimiter between fields. Make sure the
66+
* file is created with mode 600 (umask 077).
67+
*/
68+
DoCopy(ShadowRelationName,/* relname */
69+
false,/* binary */
70+
false,/* oids */
71+
false,/* from */
72+
false,/* pipe */
73+
tempname,/* filename */
74+
CRYPT_PWD_FILE_SEPCHAR,/* delim */
75+
0077);/* fileumask */
76+
/*
77+
* And rename the temp file to its final name, deleting the old pg_pwd.
6678
*/
67-
snprintf(sql,SQL_LENGTH,
68-
"copy %s to '%s' using delimiters %s",
69-
ShadowRelationName,tempname,CRYPT_PWD_FILE_SEPCHAR);
70-
pg_exec_query_dest(sql,dest, false);
7179
rename(tempname,filename);
72-
pfree((void*)tempname);
7380

7481
/*
7582
* Create a flag file the postmaster will detect the next time it
@@ -78,6 +85,8 @@ UpdatePgPwdFile(char *sql, CommandDest dest)
7885
*/
7986
filename=crypt_getpwdreloadfilename();
8087
creat(filename,S_IRUSR |S_IWUSR);
88+
89+
pfree((void*)tempname);
8190
}
8291

8392
/*---------------------------------------------------------------------
@@ -203,7 +212,7 @@ DefineUser(CreateUserStmt *stmt, CommandDest dest)
203212
* we can be sure no other backend will try to write the flat
204213
* file at the same time.
205214
*/
206-
UpdatePgPwdFile(sql,dest);
215+
UpdatePgPwdFile();
207216

208217
/*
209218
* Now we can clean up.
@@ -313,7 +322,7 @@ AlterUser(AlterUserStmt *stmt, CommandDest dest)
313322
* we can be sure no other backend will try to write the flat
314323
* file at the same time.
315324
*/
316-
UpdatePgPwdFile(sql,dest);
325+
UpdatePgPwdFile();
317326

318327
/*
319328
* Now we can clean up.
@@ -446,7 +455,7 @@ RemoveUser(char *user, CommandDest dest)
446455
* we can be sure no other backend will try to write the flat
447456
* file at the same time.
448457
*/
449-
UpdatePgPwdFile(sql,dest);
458+
UpdatePgPwdFile();
450459

451460
/*
452461
* Now we can clean up.

‎src/backend/tcop/utility.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.71 1999/10/26 03:12:36 momjian Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.72 1999/11/21 04:16:16 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -268,7 +268,11 @@ ProcessUtility(Node *parsetree,
268268
* than to/from a file.
269269
*/
270270
stmt->filename,
271-
stmt->delimiter);
271+
stmt->delimiter,
272+
/*
273+
* specify 022 umask while writing files with COPY.
274+
*/
275+
0022);
272276
}
273277
break;
274278

‎src/bin/initdb/initdb.sh

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@
2626
#
2727
#
2828
# IDENTIFICATION
29-
# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.61 1999/10/06 21:58:12 vadim Exp $
29+
# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.62 1999/11/21 04:16:15 tgl Exp $
3030
#
3131
#-------------------------------------------------------------------------
3232

@@ -293,6 +293,11 @@ else
293293
echo
294294
mkdir$PGDATA
295295
if [$?-ne 0 ];thenexit 5;fi
296+
else
297+
echo"Fixing permissions on pre-existing$PGDATA"
298+
echo
299+
chmod go-rwx$PGDATA
300+
if [$?-ne 0 ];thenexit 5;fi
296301
fi
297302
if [!-d$PGDATA/base ];then
298303
echo"Creating Postgres database system directory$PGDATA/base"
@@ -411,8 +416,11 @@ PGSQL_OPT="-o /dev/null -O -F -Q -D$PGDATA"
411416
echo"Vacuuming template1"
412417
echo"vacuum"| postgres$PGSQL_OPT template1> /dev/null
413418

419+
# Create the initial pg_pwd (flat-file copy of pg_shadow)
414420
echo"COPY pg_shadow TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'"| \
415421
postgres$PGSQL_OPT template1> /dev/null
422+
# An ordinary COPY will leave the file too loosely protected.
423+
chmod go-rw$PGDATA/pg_pwd
416424

417425
echo"Creating public pg_user view"
418426
echo"CREATE TABLE pg_user (\

‎src/include/commands/copy.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,15 +6,15 @@
66
*
77
* Copyright (c) 1994, Regents of the University of California
88
*
9-
* $Id: copy.h,v 1.5 1999/02/13 23:21:18 momjian Exp $
9+
* $Id: copy.h,v 1.6 1999/11/21 04:16:17 tgl Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
1313
#ifndefCOPY_H
1414
#defineCOPY_H
1515

1616

17-
voidDoCopy(char*relname,boolbinary,booloids,boolfrom,boolpipe,char*filename,
18-
char*delim);
17+
voidDoCopy(char*relname,boolbinary,booloids,boolfrom,boolpipe,
18+
char*filename,char*delim,intfileumask);
1919

2020
#endif/* COPY_H */

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp