| From: | tgl(at)svr1(dot)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Prevent pg_ctl from being run as root. |
| Date: | 2004-10-22 00:24:33 |
| Message-ID: | 20041022002433.4E0A932A43E@svr1.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Prevent pg_ctl from being run as root. Since it uses configuration files
owned by postgres, doing "pg_ctl start" as root could allow a privilege
escalation attack, as pointed out by iDEFENSE. Of course the postmaster would
fail, but we ought to fail a little sooner to protect sysadmins unfamiliar
with Postgres. The chosen fix is to disable root use of pg_ctl in all cases,
just to be confident there are no other holes.
Tags:
----
REL7_3_STABLE
Modified Files:
--------------
pgsql/src/bin/pg_ctl:
pg_ctl.sh (r1.30 -> r1.30.2.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/bin/pg_ctl/pg_ctl.sh.diff?r1=1.30&r2=1.30.2.1)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-10-22 00:24:39 | pgsql: Prevent pg_ctl from being run as root. |
| Previous Message | Tom Lane | 2004-10-22 00:24:27 | pgsql: Prevent pg_ctl from being run as root. |