Commitdfc015d

committed
start-scripts: switch to $PGUSER before opening $PGLOG.
By default, $PGUSER has permission to unlink $PGLOG. If $PGUSER replaces $PGLOG with a symbolic link, the server will corrupt the link-targeted file by appending log messages. Since these scripts open $PGLOG as root, the attack works regardless of target file ownership. "make install" does not install these scripts anywhere. Users having manually installed them in the past should repeat that process to acquire this fix. Most script users have $PGLOG writable to root only, located in $PGDATA. Just before updating one of these scripts, such users should rename $PGLOG to $PGLOG.old. The script will then recreate $PGLOG with proper ownership. Reviewed by Peter Eisentraut. Reported by Antoine Scemama. Security: CVE-2017-12172
1 parent87b2ebd commitdfc015d


3 files changed

+8
-8
lines changed

3 files changed

+8
-8
lines changed

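--- a/contrib/start-scripts/freebsd
+++ b/contrib/start-scripts/freebsd
@@ -43,15 +43,15 @@ test -x $DAEMON ||
 
 case$1in
 start)
-su -l$PGUSER -c"$DAEMON -D '$PGDATA'&">>$PGLOG2>&1
+su -l$PGUSER -c"$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 echo -n' postgresql'
 ;;
 stop)
 su -l$PGUSER -c"$PGCTL stop -D '$PGDATA' -s"
 ;;
 restart)
 su -l$PGUSER -c"$PGCTL stop -D '$PGDATA' -s"
-su -l$PGUSER -c"$DAEMON -D '$PGDATA'&">>$PGLOG2>&1
+su -l$PGUSER -c"$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 ;;
 status)
 su -l$PGUSER -c"$PGCTL status -D '$PGDATA'"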
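Review bot: `$PGLOG` is left unquoted inside the `-c` string on both changed lines, while `$PGDATA` right next to it is single-quoted. The value is now expanded by the calling shell and then parsed a second time by the shell that su starts, so a log path containing a space or a shell metacharacter would be split or interpreted instead of being used as a file name. Writing the redirection as `>>'$PGLOG' 2>&1 &` keeps it consistent with `-D '$PGDATA'`. The same applies to the two changed lines in contrib/start-scripts/linux; the osx script already quotes the path. The case statement continues outside the hunk.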

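--- a/contrib/start-scripts/linux
+++ b/contrib/start-scripts/linux
@@ -91,7 +91,7 @@ case $1 in
 start)
 echo -n"Starting PostgreSQL:"
 test -e"$PG_OOM_ADJUST_FILE"&&echo"$PG_MASTER_OOM_SCORE_ADJ">"$PG_OOM_ADJUST_FILE"
-su -$PGUSER -c"$DAEMON_ENV$DAEMON -D '$PGDATA'&">>$PGLOG2>&1
+su -$PGUSER -c"$DAEMON_ENV$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 echo"ok"
 ;;
 stop)
@@ -103,7 +103,7 @@ case $1 in
 echo -n"Restarting PostgreSQL:"
 su -$PGUSER -c"$PGCTL stop -D '$PGDATA' -s"
 test -e"$PG_OOM_ADJUST_FILE"&&echo"$PG_MASTER_OOM_SCORE_ADJ">"$PG_OOM_ADJUST_FILE"
-su -$PGUSER -c"$DAEMON_ENV$DAEMON -D '$PGDATA'&">>$PGLOG2>&1
+su -$PGUSER -c"$DAEMON_ENV$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 echo"ok"
 ;;
 reload)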
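Review bot: The `echo "ok"` after each changed su line is printed even when the log could not be opened, because the redirection now happens inside the backgrounded command and su returns before its outcome is known. This matters more after the change: a pre-existing root-only $PGLOG, which the commit message says most installations have, presumably can no longer be appended to by $PGUSER, and the only trace would be a shell error on stderr. A one-line check before the start line would make the failure explicit, for example `su - $PGUSER -c ": >>'$PGLOG'" || { echo "cannot append to $PGLOG as $PGUSER"; exit 1; }`. A comment beside the su line should also state that $PGLOG is opened as $PGUSER and must be writable by that account. The freebsd script follows the same pattern, and both case arms continue outside the hunks.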

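--- a/contrib/start-scripts/osx/PostgreSQL
+++ b/contrib/start-scripts/osx/PostgreSQL
@@ -80,9 +80,9 @@ StartService () {
 if ["${POSTGRESQL:=-NO-}"="-YES-" ];then
 ConsoleMessage"Starting PostgreSQL database server"
 if ["${ROTATELOGS}"="1" ];then
-sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}'&"2>&1|${LOGUTIL}"${PGLOG}"${ROTATESEC}&
+sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}' 2>&1 |${LOGUTIL}\"${PGLOG}\"${ROTATESEC} &"
 else
-sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}'&">>"$PGLOG"2>&1
+sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}'>>\"$PGLOG\" 2>&1 &"
 fi
 fi
 }
@@ -99,9 +99,9 @@ RestartService () {
 sudo -u$PGUSER sh -c"$PGCTL stop -D '${PGDATA}' -s"
 # should match StartService:
 if ["${ROTATELOGS}"="1" ];then
-sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}'&"2>&1|${LOGUTIL}"${PGLOG}"${ROTATESEC}&
+sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}' 2>&1 |${LOGUTIL}\"${PGLOG}\"${ROTATESEC} &"
 else
-sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}'&">>"$PGLOG"2>&1
+sudo -u$PGUSER sh -c"${DAEMON} -D '${PGDATA}'>>\"$PGLOG\" 2>&1 &"
 fi
 else
 StopService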
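Review bot: The two sudo lines are changed identically in StartService and RestartService, and the only thing keeping the copies aligned is the `# should match StartService:` comment. A security fix of this kind is easy to apply to one copy and miss in the other, so the if/else on ROTATELOGS would be better moved into a single helper function that both callers invoke. Separately, `$PGLOG` is wrapped in escaped double quotes while `${PGDATA}` uses single quotes; inside double quotes the inner shell still expands `$` and backquotes in the value, so `'${PGLOG}'` would be the consistent choice. RestartService starts and ends outside the second hunk.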
