Diffstat (limited to 'src')
-rw-r--r--src/backend/main/main.c51
-rw-r--r--src/backend/utils/init/findbe.c5
-rw-r--r--src/backend/utils/init/postinit.c8
3 files changed, 42 insertions, 22 deletions
diff --git a/src/backend/main/main.c b/src/backend/main/main.c
index 46e03d8e0ab..0951649f846 100644
--- a/src/backend/main/main.c
+++ b/src/backend/main/main.c
@@ -13,7 +13,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.42 2001/03/22 03:59:30 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.43 2001/04/21 18:29:29 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -103,22 +103,46 @@ main(int argc, char *argv[])
*/
/*
- * Make sure we are not running as root.
- *
- * BeOS currently runs everything as root :-(, so this check must be
- * temporarily disabled there...
+ * Skip permission checks if we're just trying to do --help or --version;
+ * otherwise root will get unhelpful failure messages from initdb.
*/
-#ifndef __BEOS__
if (!(argc > 1
- && (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0
- || strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0))
- && (geteuid() == 0))
+ && (strcmp(argv[1], "--help") == 0 ||
+ strcmp(argv[1], "-?") == 0 ||
+ strcmp(argv[1], "--version") == 0 ||
+ strcmp(argv[1], "-V") == 0)))
{
- fprintf(stderr, "%s", NOROOTEXEC);
- exit(1);
- }
+ /*
+ * Make sure we are not running as root.
+ *
+ * BeOS currently runs everything as root :-(, so this check must be
+ * temporarily disabled there...
+ */
+#ifndef __BEOS__
+ if (geteuid() == 0)
+ {
+ fprintf(stderr, "%s", NOROOTEXEC);
+ exit(1);
+ }
#endif /* __BEOS__ */
+ /*
+ * Also make sure that real and effective uids are the same.
+ * Executing Postgres as a setuid program from a root shell is a
+ * security hole, since on many platforms a nefarious subroutine could
+ * setuid back to root if real uid is root. (Since nobody actually
+ * uses Postgres as a setuid program, trying to actively fix this
+ * situation seems more trouble than it's worth; we'll just expend the
+ * effort to check for it.)
+ */
+ if (getuid() != geteuid())
+ {
+ fprintf(stderr, "%s: real and effective userids must match\n",
+ argv[0]);
+ exit(1);
+ }
+ }
+
/*
* Set up locale information from environment, in only the categories
* needed by Postgres; leave other categories set to default "C".
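Review bot: The `--help`/`--version` test looks only at `argv[1]`, and after this change it gates the new real/effective uid comparison as well as the root check, so both protections rely on those options ending the process before any other startup work is done. That exit is outside this hunk (main's body continues past it), so it cannot be confirmed from here. I would record the invariant in the comment above the `if`, for example `* NB: this is safe only because --help and --version exit before any other startup work is done.` A maintainer who later changes the option handling then knows the uid checks depend on it.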
@@ -162,7 +186,8 @@ main(int argc, char *argv[])
pw = getpwuid(geteuid());
if (pw == NULL)
{
- fprintf(stderr, "%s: invalid current euid", argv[0]);
+ fprintf(stderr, "%s: invalid current euid %d\n",
+ argv[0], (int) geteuid());
exit(1);
}
/* Allocate new memory because later getpwuid() calls can overwrite it */
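Review bot: `(int) geteuid()` printed with `%d` can come out negative, because uid_t is an unsigned 32-bit type on many platforms and a large id does not fit in int. This message is what an operator reads when the account lookup fails, so the number should be the one they can look up; I would print it unsigned: `fprintf(stderr, "%s: invalid current euid %lu\n", argv[0], (unsigned long) geteuid());`. main's body extends beyond this hunk.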
diff --git a/src/backend/utils/init/findbe.c b/src/backend/utils/init/findbe.c
index d59b3bfa075..507e3db2099 100644
--- a/src/backend/utils/init/findbe.c
+++ b/src/backend/utils/init/findbe.c
@@ -7,7 +7,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.20 2001/01/24 19:43:15 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.21 2001/04/21 18:29:29 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -93,9 +93,6 @@ ValidateBinary(char *path)
/*
* Ensure that the file is both executable and readable (required for
* dynamic loading).
- *
- * We use the effective uid here because the backend will not have
- * executed setuid() by the time it calls this routine.
*/
euid = geteuid();
if (euid == buf.st_uid)
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index 57a5dbe7126..f8775648668 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.83 2001/03/22 06:16:18 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.84 2001/04/21 18:29:29 tgl Exp $
*
*
*-------------------------------------------------------------------------
@@ -335,16 +335,14 @@ InitPostgres(const char *dbname, const char *username)
LockDisable(true);
/*
- * Set ourselves to the proper user id and figure out our postgres
- * user id.
+ * Figure out our postgres user id. If bootstrapping, we can't
+ * assume that pg_shadow exists yet, so fake it.
*/
if (bootstrap)
SetSessionUserId(geteuid());
else
SetSessionUserIdFromUserName(username);
- setuid(geteuid());
-
/*
* Unless we are bootstrapping, double-check that InitMyDatabaseInfo()
* got a correct result. We can't do this until all the
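Review bot: With `setuid(geteuid())` removed, InitPostgres no longer forces the real uid to match the effective one, and the rewritten comment does not say what guarantees that now. In this commit the guarantee appears to come from the `getuid() != geteuid()` check added to main() in main.c, so I would state it here: `* No setuid() call is needed: main() refuses to start unless real and effective uids already match.` That also tells the next reader that any entry path which does not pass through main()'s check would bring the mismatch back. InitPostgres begins before and continues after this hunk.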