Re: setuid(geteuid());?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: setuid(geteuid());?
Date: 2001-04-21 17:29:13
Message-ID: 1719.987874153@sss.pgh.pa.us
Lists: pgsql-hackers
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
>> We want real uid
>> to become postgres as well --- otherwise our test to prevent execution
>> as root is a waste of time, because nefarious code could become root
>> again just by doing setuid.  See the setuid man page: if real uid is
>> root then setuid(root) will succeed.

> That is a valid concern, but the code doesn't actually prevent this.

After reading the setuid man page a third time, I think you are right.

On machines that have setreuid(), or even better setresuid(), we could
force the ruid (and suid for good measure) to match euid.  Otherwise we
probably should refuse to start unless getuid matches geteuid.

Hmm ... setresuid may be an HP-ism ... does anyone else have that?
setreuid appears to be a BSD-ism, so it ought to be reasonably popular.

			regards, tom lane
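
The startup rule proposed in this message, sketched in C as an added example (not PostgreSQL source and not code from this thread): refuse effective uid root, force the real uid to match the effective uid where setreuid() exists, otherwise refuse when they differ. The names `uid_policy`, `enforce_uid_policy` and the `HAVE_SETREUID` macro are hypothetical, and the final attempt to regain root is an added verification step.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700      /* exposes setreuid() in <unistd.h> */
#endif
#include <stdio.h>
#include <unistd.h>

/* Hypothetical configure-style macro (an assumption); remove where setreuid() is absent. */
#define HAVE_SETREUID 1

enum uid_action { UID_OK, UID_NEED_PIN, UID_REFUSE_ROOT };

/* Pure policy: what must startup do for this (real, effective) uid pair? */
enum uid_action uid_policy(uid_t ruid, uid_t euid)
{
    if (euid == 0)
        return UID_REFUSE_ROOT;    /* the "do not run as root" test */
    if (ruid != euid)
        return UID_NEED_PIN;       /* e.g. real uid root, effective uid postgres */
    return UID_OK;
}

/* Apply the policy to this process: 0 = safe to continue, -1 = refuse to start. */
int enforce_uid_policy(void)
{
    uid_t euid = geteuid();

    switch (uid_policy(getuid(), euid)) {
    case UID_REFUSE_ROOT:
        fprintf(stderr, "refusing to run with effective uid 0\n");
        return -1;
    case UID_NEED_PIN:
#ifdef HAVE_SETREUID
        if (setreuid(euid, euid) != 0)     /* force real uid to match effective */
            return -1;
        break;
#else
        fprintf(stderr, "real and effective uid differ; refusing to start\n");
        return -1;
#endif
    case UID_OK:
        break;
    }
    /* Verify instead of trusting the call: the ids must match, and an attempt
     * to become root again must fail (this catches a leftover saved uid). */
    if (getuid() != euid || geteuid() != euid || setuid(0) == 0)
        return -1;
    return 0;
}
```
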
