Skip site navigation (1) Skip section navigation (2)

pgsql: Prevent pg_ctl from being run as root.

From: tgl(at)svr1(dot)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Prevent pg_ctl from being run as root.
Date: 2004-10-22 00:24:39
Message-ID: 20041022002439.35E9332A190@svr1.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
Prevent pg_ctl from being run as root.  Since it uses configuration files
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE.  Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres.  The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.

Tags:
----
REL7_2_STABLE

Modified Files:
--------------
    pgsql/src/bin/pg_ctl:
        pg_ctl.sh (r1.25 -> r1.25.2.1)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/bin/pg_ctl/pg_ctl.sh.diff?r1=1.25&r2=1.25.2.1)

pgsql-committers by date

Next:From: Tom LaneDate: 2004-10-22 00:25:20
Subject: pgsql: Update release history for releases 7.4.6, 7.3.8, 7.2.6.
Previous:From: Tom LaneDate: 2004-10-22 00:24:33
Subject: pgsql: Prevent pg_ctl from being run as root.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group