Re: setuid(geteuid());?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: setuid(geteuid());?
Date: 2001-04-21 17:29:13
Message-ID: 1719.987874153@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
>> We want real uid
>> to become postgres as well --- otherwise our test to prevent execution
>> as root is a waste of time, because nefarious code could become root
>> again just by doing setuid. See the setuid man page: if real uid is
>> root then setuid(root) will succeed.

> That is a valid concern, but the code doesn't actually prevent this.

After reading the setuid man page a third time, I think you are right.

On machines that have setreuid(), or even better setresuid(), we could
force the ruid (and suid for good measure) to match euid. Otherwise we
probably should refuse to start unless getuid matches geteuid.

Hmm ... setresuid may be an HP-ism ... does anyone else have that?
setreuid appears to be a BSD-ism, so it ought to be reasonably popular.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2001-04-21 17:47:23 Re: setuid(geteuid());?
Previous Message Paul A Vixie 2001-04-21 17:27:19 well, now i wish we hadn't gutted the ipv6 support