1berry/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent pg_ctl from being run as root. Since it uses configuration files

Browse Source 
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE.  Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres.  The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.
This commit is contained in:
Tom Lane 2004-10-22 00:24:27 +00:00
parent 25d1755a29
commit 5b7e88dbe0
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/bin/pg_ctl/pg_ctl.sh
View File

@ -8,7 +8,7 @@
# #
# #
# IDENTIFICATION # IDENTIFICATION
# $Header: /cvsroot/pgsql/src/bin/pg_ctl/Attic/pg_ctl.sh,v 1.36.4.1 2004/08/28 21:10:00 momjian Exp $ # $Header: /cvsroot/pgsql/src/bin/pg_ctl/Attic/pg_ctl.sh,v 1.36.4.2 2004/10/22 00:24:27 tgl Exp $
# #
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
@ -111,6 +111,14 @@ fi
po_path="$PGPATH/postmaster" po_path="$PGPATH/postmaster"
if [ `$PGPATH/pg_id -u` -eq 0 ]
then
echo "$CMDNAME: cannot be run as root" 1>&2
echo "Please log in (using, e.g., \"su\") as the (unprivileged) user that will" 1>&2
echo "own the server process." 1>&2
exit 1
fi
wait= wait=
wait_seconds=60 wait_seconds=60
logfile= logfile=