Commit 8407bb3c authored by Tom Lane's avatar Tom Lane

Remove useless setuid() call, instead add a check that real and effective
userids are the same.  Per today's pghackers discussion.
parent 9ae68190
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.42 2001/03/22 03:59:30 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.43 2001/04/21 18:29:29 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -103,22 +103,46 @@ main(int argc, char *argv[]) ...@@ -103,22 +103,46 @@ main(int argc, char *argv[])
*/ */
/* /*
* Make sure we are not running as root. * Skip permission checks if we're just trying to do --help or --version;
* * otherwise root will get unhelpful failure messages from initdb.
* BeOS currently runs everything as root :-(, so this check must be
* temporarily disabled there...
*/ */
#ifndef __BEOS__
if (!(argc > 1 if (!(argc > 1
&& (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0 && (strcmp(argv[1], "--help") == 0 ||
|| strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)) strcmp(argv[1], "-?") == 0 ||
&& (geteuid() == 0)) strcmp(argv[1], "--version") == 0 ||
strcmp(argv[1], "-V") == 0)))
{ {
fprintf(stderr, "%s", NOROOTEXEC); /*
exit(1); * Make sure we are not running as root.
} *
* BeOS currently runs everything as root :-(, so this check must be
* temporarily disabled there...
*/
#ifndef __BEOS__
if (geteuid() == 0)
{
fprintf(stderr, "%s", NOROOTEXEC);
exit(1);
}
#endif /* __BEOS__ */ #endif /* __BEOS__ */
/*
* Also make sure that real and effective uids are the same.
* Executing Postgres as a setuid program from a root shell is a
* security hole, since on many platforms a nefarious subroutine could
* setuid back to root if real uid is root. (Since nobody actually
* uses Postgres as a setuid program, trying to actively fix this
* situation seems more trouble than it's worth; we'll just expend the
* effort to check for it.)
*/
if (getuid() != geteuid())
{
fprintf(stderr, "%s: real and effective userids must match\n",
argv[0]);
exit(1);
}
}
/* /*
* Set up locale information from environment, in only the categories * Set up locale information from environment, in only the categories
* needed by Postgres; leave other categories set to default "C". * needed by Postgres; leave other categories set to default "C".
...@@ -162,7 +186,8 @@ main(int argc, char *argv[]) ...@@ -162,7 +186,8 @@ main(int argc, char *argv[])
pw = getpwuid(geteuid()); pw = getpwuid(geteuid());
if (pw == NULL) if (pw == NULL)
{ {
fprintf(stderr, "%s: invalid current euid", argv[0]); fprintf(stderr, "%s: invalid current euid %d\n",
argv[0], (int) geteuid());
exit(1); exit(1);
} }
/* Allocate new memory because later getpwuid() calls can overwrite it */ /* Allocate new memory because later getpwuid() calls can overwrite it */
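Review bot: The new `if (getuid() != geteuid())` test in the permission block covers the set-user-ID case the comment describes but not the set-group-ID analogue: a binary installed setgid passes both the euid-is-root test and this one while still carrying elevated group privileges, and the `NOROOTEXEC` check above it does not look at the effective gid either. Unless the group case is handled somewhere outside this hunk, extending the condition to `if (getuid() != geteuid() || getgid() != getegid())` and the message to `"%s: real and effective user/group ids must match\n"` closes that gap at no extra cost. The saved set-user-ID does not need a separate test at this point, since exec resets it to the effective uid that is already being checked. main() continues past the end of this hunk, so I cannot see whether later code depends on the old setuid() having run.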
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.20 2001/01/24 19:43:15 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/init/Attic/findbe.c,v 1.21 2001/04/21 18:29:29 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -93,9 +93,6 @@ ValidateBinary(char *path) ...@@ -93,9 +93,6 @@ ValidateBinary(char *path)
/* /*
* Ensure that the file is both executable and readable (required for * Ensure that the file is both executable and readable (required for
* dynamic loading). * dynamic loading).
*
* We use the effective uid here because the backend will not have
* executed setuid() by the time it calls this routine.
*/ */
euid = geteuid(); euid = geteuid();
if (euid == buf.st_uid) if (euid == buf.st_uid)
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.83 2001/03/22 06:16:18 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/init/postinit.c,v 1.84 2001/04/21 18:29:29 tgl Exp $
* *
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
...@@ -335,16 +335,14 @@ InitPostgres(const char *dbname, const char *username) ...@@ -335,16 +335,14 @@ InitPostgres(const char *dbname, const char *username)
LockDisable(true); LockDisable(true);
/* /*
* Set ourselves to the proper user id and figure out our postgres * Figure out our postgres user id. If bootstrapping, we can't
* user id. * assume that pg_shadow exists yet, so fake it.
*/ */
if (bootstrap) if (bootstrap)
SetSessionUserId(geteuid()); SetSessionUserId(geteuid());
else else
SetSessionUserIdFromUserName(username); SetSessionUserIdFromUserName(username);
setuid(geteuid());
/* /*
* Unless we are bootstrapping, double-check that InitMyDatabaseInfo() * Unless we are bootstrapping, double-check that InitMyDatabaseInfo()
* got a correct result. We can't do this until all the * got a correct result. We can't do this until all the
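Review bot: With `setuid(geteuid());` gone, nothing in InitPostgres drops or adjusts privileges any more, and the rewritten comment no longer says why; a reader looking for where the backend's uid is pinned will find nothing here. A one-line note after the `SetSessionUserIdFromUserName(username);` branch would preserve the reasoning, e.g. `/* No setuid() needed: main() already rejects a process whose real and effective uids differ. */`. This also documents the assumption the bootstrap branch now relies on, namely that `geteuid()` equals the real uid when it is used as the session user id. InitPostgres continues past the end of this hunk.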