diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2001-08-06 13:45:15 +0000 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2001-08-06 13:45:15 +0000 |
| commit | f487e3da681c3452e20e189a6613174ce81ed7ec (patch) | |
| tree | 194ec7e617c81ef39c595106272b67a566b8e13b /src | |
| parent | 46e252141bbeef790db4a09c97e388e350310e68 (diff) | |
| download | postgresql-f487e3da681c3452e20e189a6613174ce81ed7ec.tar.gz postgresql-f487e3da681c3452e20e189a6613174ce81ed7ec.zip | |
Check that the data directory does not have group or world access; remove
a similar check on postgresql.conf.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/utils/init/miscinit.c | 18 | ||||
| -rw-r--r-- | src/backend/utils/misc/guc-file.l | 22 |
2 files changed, 18 insertions, 22 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 44e6f768152..99fc6824c60 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.73 2001/07/03 16:49:48 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/init/miscinit.c,v 1.74 2001/08/06 13:45:15 petere Exp $ * *------------------------------------------------------------------------- */ @@ -120,6 +120,7 @@ void SetDataDir(const char *dir) { char *new; + struct stat stat_buf; AssertArg(dir); @@ -162,6 +163,21 @@ SetDataDir(const char *dir) if (!new) elog(FATAL, "out of memory"); } + + /* + * Check if the directory has group or world access. If so, reject. + */ + if (stat(new, &stat_buf) == -1) + { + free(new); + elog(FATAL, "could not read permissions of directory %s: %s", new, strerror(errno)); + } + + if (stat_buf.st_mode & (S_IRWXG | S_IRWXO)) + { + free(new); + elog(FATAL, "data directory %s has group or world access; permissions should be u=rwx (0700)", new); + } if (DataDir) free(DataDir); diff --git a/src/backend/utils/misc/guc-file.l b/src/backend/utils/misc/guc-file.l index 950dbb6ef92..c6d96f5ac8a 100644 --- a/src/backend/utils/misc/guc-file.l +++ b/src/backend/utils/misc/guc-file.l @@ -4,7 +4,7 @@ * * Copyright 2000 by PostgreSQL Global Development Group * - * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc-file.l,v 1.8 2001/06/07 04:50:57 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/misc/guc-file.l,v 1.9 2001/08/06 13:45:15 petere Exp $ */ %{ @@ -130,7 +130,6 @@ ProcessConfigFile(GucContext context) int token, parse_state; char *opt_name, *opt_value; char *filename; - struct stat stat_buf; struct name_value_pair *item, *head, *tail; int elevel; FILE * fp; @@ -161,25 +160,6 @@ ProcessConfigFile(GucContext context) return; } - /* - * Check if the file is group or world writeable. If so, reject. - */ - if (fstat(fileno(fp), &stat_buf) == -1) - { - FreeFile(fp); - free(filename); - elog(elevel, "could not stat configuration file `" CONFIG_FILENAME "': %s", strerror(errno)); - return; - } - - if (stat_buf.st_mode & (S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH)) - { - FreeFile(fp); - free(filename); - elog(elevel, "configuration file `" CONFIG_FILENAME "' has wrong permissions"); - return; - } - /* * Parse */ |