Prevent pg_resetxlog from being run as root. If this is allowed, some

root-owned files will be written to the data directory, leaving it in an
unusable state.

1 files changed, 20 insertions, 1 deletions

diff --git a/src/bin/pg_resetxlog/pg_resetxlog.c b/src/bin/pg_resetxlog/pg_resetxlog.c
index 720c28f1262..e3ff074c664 100644
--- a/src/bin/pg_resetxlog/pg_resetxlog.c
+++ b/src/bin/pg_resetxlog/pg_resetxlog.c
@@ -23,7 +23,7 @@
  * Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/bin/pg_resetxlog/pg_resetxlog.c,v 1.25 2004/11/17 21:37:47 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_resetxlog/pg_resetxlog.c,v 1.26 2004/12/14 01:59:41 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -176,6 +176,25 @@ main(int argc, char *argv[])
 		exit(1);
 	}
 
+ 	/*
+	 * Don't allow pg_resetxlog to be run as root, to avoid
+	 * overwriting the ownership of files in the data directory. We
+	 * need only check for root -- any other user won't have
+	 * sufficient permissions to modify files in the data directory.
+	 */
+#ifndef WIN32
+#ifndef __BEOS__				/* no root check on BeOS */
+	if (geteuid() == 0)
+	{
+		fprintf(stderr, _("%s: cannot be executed by \"root\"\n"),
+				progname);
+		fprintf(stderr, _("You must run %s as the PostgreSQL superuser.\n"),
+				progname);
+		exit(1);
+	}
+#endif
+#endif
+
 	DataDir = argv[optind];
 	snprintf(XLogDir, MAXPGPATH, "%s/pg_xlog", DataDir);
 	snprintf(ControlFilePath, MAXPGPATH, "%s/global/pg_control", DataDir);