Commitf487e3d

committed

Check that the data directory does not have group or world access; remove

a similar check on postgresql.conf.

1 parent46e2521 commitf487e3dCopy full SHA for f487e3d

File tree

+18

-22

lines changed

+18

-22

lines changed

Lines changed: 17 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.73 2001/07/03 16:49:48 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.74 2001/08/06 13:45:15 petere Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -120,6 +120,7 @@ void`
`120`	`120`	`SetDataDir(constchar*dir)`
`121`	`121`	`{`
`122`	`122`	`char*new;`
	`123`	`+structstatstat_buf;`
`123`	`124`
`124`	`125`	`AssertArg(dir);`
`125`	`126`
`@@ -162,6 +163,21 @@ SetDataDir(const char *dir)`
`162`	`163`	`if (!new)`
`163`	`164`	`elog(FATAL,"out of memory");`
`164`	`165`	`}`
	`166`	`+`
	`167`	`+/*`
	`168`	`+ * Check if the directory has group or world access. If so, reject.`
	`169`	`+ */`
	`170`	`+if (stat(new,&stat_buf)==-1)`
	`171`	`+{`
	`172`	`+free(new);`
	`173`	`+elog(FATAL,"could not read permissions of directory %s: %s",new,strerror(errno));`
	`174`	`+}`
	`175`	`+`
	`176`	`+if (stat_buf.st_mode& (S_IRWXG \|S_IRWXO))`
	`177`	`+{`
	`178`	`+free(new);`
	`179`	`+elog(FATAL,"data directory %s has group or world access; permissions should be u=rwx (0700)",new);`
	`180`	`+}`
`165`	`181`
`166`	`182`	`if (DataDir)`
`167`	`183`	`free(DataDir);`

Lines changed: 1 addition & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`*`
`5`	`5`	`* Copyright 2000 by PostgreSQL Global Development Group`
`6`	`6`	`*`
`7`		`- * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc-file.l,v 1.8 2001/06/07 04:50:57 momjian Exp $`
	`7`	`+ * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc-file.l,v 1.9 2001/08/06 13:45:15 petere Exp $`
`8`	`8`	`*/`
`9`	`9`
`10`	`10`	`%{`
`@@ -130,7 +130,6 @@ ProcessConfigFile(GucContext context)`
`130`	`130`	`int token, parse_state;`
`131`	`131`	`char opt_name, opt_value;`
`132`	`132`	`char *filename;`
`133`		`-struct stat stat_buf;`
`134`	`133`	`struct name_value_pair item, head, *tail;`
`135`	`134`	`int elevel;`
`136`	`135`	`FILE * fp;`
`@@ -161,25 +160,6 @@ ProcessConfigFile(GucContext context)`
`161`	`160`	`return;`
`162`	`161`	`}`
`163`	`162`
`164`		`- /*`
`165`		`- * Check if the file is group or world writeable. If so, reject.`
`166`		`- */`
`167`		`- if (fstat(fileno(fp), &stat_buf) == -1)`
`168`		`-{`
`169`		`-FreeFile(fp);`
`170`		`-free(filename);`
`171`		- elog(elevel,"couldnot stat configuration file `" CONFIG_FILENAME"': %s", strerror(errno));
`172`		`-return;`
`173`		`-}`
`174`		`-`
`175`		`- if (stat_buf.st_mode & (S_IWGRP \| S_IXGRP \| S_IWOTH \| S_IXOTH))`
`176`		`-{`
`177`		`-FreeFile(fp);`
`178`		`-free(filename);`
`179`		- elog(elevel, "configuration file `" CONFIG_FILENAME "' has wrong permissions");
`180`		`-return;`
`181`		`-}`
`182`		`-`
`183`	`163`	`/*`
`184`	`164`	`* Parse`
`185`	`165`	`*/`

Comments

(0)