Commit c58675b

Prevent pg_ctl from being run as root. Since it uses configuration files
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE. Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres. The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.

1 parent 9eff02f commit c58675b

1 file changed: +20 -2 lines changed

src/bin/pg_ctl/pg_ctl.c

Lines changed: 20 additions & 2 deletions
@@ -4,7 +4,7 @@
44
*
55
* Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
66
*
7-
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.41 2004/10/19 13:38:53 petere Exp $
7+
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.42 2004/10/22 00:24:18 tgl Exp $
88
*
99
*-------------------------------------------------------------------------
1010
*/
@@ -14,9 +14,9 @@
1414

1515
#include<locale.h>
1616
#include<signal.h>
17-
#include<errno.h>
1817
#include<sys/types.h>
1918
#include<sys/stat.h>
19+
#include<unistd.h>
2020

2121
#include"libpq/pqsignal.h"
2222
#include"getopt_long.h"
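Review bot: the removal of #include <errno.h> at old line 17 is not mentioned in the commit message, and nothing in the visible hunks shows why it is safe. If any code left in pg_ctl.c reads errno, it now depends on another header pulling the declaration in; either keep the include or note in the commit message that it is unused. Separately, #include <unistd.h> at new line 19 is unconditional, while the only use visible in this patch, geteuid(), sits under #ifndef WIN32; consider whether the include belongs under the same guard.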
@@ -1229,6 +1229,7 @@ main(int argc, char **argv)
12291229

12301230
umask(077);
12311231

1232+
/* support --help and --version even if invoked as root */
12321233
if (argc>1)
12331234
{
12341235
if (strcmp(argv[1],"-h")==0||strcmp(argv[1],"--help")==0||
@@ -1244,6 +1245,23 @@ main(int argc, char **argv)
12441245
}
12451246
}
12461247

1248+
/*
1249+
* Disallow running as root, to forestall any possible security holes.
1250+
*/
1251+
#ifndefWIN32
1252+
#ifndef__BEOS__/* no root check on BEOS */
1253+
if (geteuid()==0)
1254+
{
1255+
write_stderr(_("%s: cannot be run as root\n"
1256+
"Please log in (using, e.g., \"su\") as the "
1257+
"(unprivileged) user that will\n"
1258+
"own the server process.\n"),
1259+
progname);
1260+
exit(1);
1261+
}
1262+
#endif
1263+
#endif
1264+
12471265
/*
12481266
* 'Action' can be before or after args so loop over both. Some
12491267
* getopt_long() implementations will reorder argv[] to place all
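Review bot: the guards at new lines 1251-1252 compile the geteuid() check out entirely on WIN32 and BeOS, so the commit message's "disable root use of pg_ctl in all cases" holds only on the remaining platforms. The BeOS exclusion carries a comment; the WIN32 one has none, so add a comment saying why WIN32 is excluded or what covers the privileged-account case there. The two nested #ifndef lines could also be folded into a single #if !defined(WIN32) && !defined(__BEOS__) with the closing #endif labelled, which makes it harder to unbalance later. Finally, the test is on the effective uid only; if that is deliberate, the block comment at new lines 1248-1250 is the place to say so.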
