8000 start-scripts: switch to $PGUSER before opening $PGLOG. · koderP/postgres@ed546dd · GitHub

Commit ed546dd

start-scripts: switch to $PGUSER before opening $PGLOG.
By default, $PGUSER has permission to unlink $PGLOG. If $PGUSER replaces $PGLOG with a symbolic link, the server will corrupt the link-targeted file by appending log messages. Since these scripts open $PGLOG as root, the attack works regardless of target file ownership. "make install" does not install these scripts anywhere. Users having manually installed them in the past should repeat that process to acquire this fix. Most script users have $PGLOG writable to root only, located in $PGDATA. Just before updating one of these scripts, such users should rename $PGLOG to $PGLOG.old. The script will then recreate $PGLOG with proper ownership. Reviewed by Peter Eisentraut. Reported by Antoine Scemama. Security: CVE-2017-12172
1 parent 045a188 commit ed546dd


3 files changed

+8
-8
lines changed


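--- a/contrib/start-scripts/freebsd
+++ b/contrib/start-scripts/freebsd
@@ -44,15 +44,15 @@ test -x $DAEMON ||
 
 case $1 in
 start)
-su -l $PGUSER -c "$DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
+su -l $PGUSER -c "$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 echo -n ' postgresql'
 ;;
 stop)
 su -l $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast"
 ;;
 restart)
 su -l $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast -w"
-su -l $PGUSER -c "$DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
+su -l $PGUSER -c "$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 ;;
 status)
 su -l $PGUSER -c "$PGCTL status -D '$PGDATA'"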
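Review bot: `$PGLOG` is pasted unquoted into the `-c` string on both changed lines (start and restart), so $PGUSER's shell now re-parses it as shell syntax; a log path containing a space or a metacharacter would be split or interpreted there, which the previous outer redirection did not do. Quoting it the way `$PGDATA` already is keeps it a single word: `su -l $PGUSER -c "$DAEMON -D '$PGDATA' >>'$PGLOG' 2>&1 &"`. The two changed lines in contrib/start-scripts/linux carry the same unquoted `>>$PGLOG`, while the osx script in this commit does quote the path. The case statement begins and ends outside the hunk.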

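--- a/contrib/start-scripts/linux
+++ b/contrib/start-scripts/linux
@@ -92,7 +92,7 @@ case $1 in
 start)
 echo -n "Starting PostgreSQL: "
 test -e "$PG_OOM_ADJUST_FILE" && echo "$PG_MASTER_OOM_SCORE_ADJ" > "$PG_OOM_ADJUST_FILE"
-su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
+su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 echo "ok"
 ;;
 stop)
@@ -104,7 +104,7 @@ case $1 in
 echo -n "Restarting PostgreSQL: "
 su - $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast -w"
 test -e "$PG_OOM_ADJUST_FILE" && echo "$PG_MASTER_OOM_SCORE_ADJ" > "$PG_OOM_ADJUST_FILE"
-su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
+su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 echo "ok"
 ;;
 reload)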
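Review bot: The `echo "ok"` after each changed start line is unconditional, and the redirection now runs inside the backgrounded command as $PGUSER, so an existing $PGLOG that is writable by root only (the layout the commit message says most installations have) makes the open fail while the script still prints ok. The exit status of su presumably stays 0 because the failing command is asynchronous, so checking `$?` after the start line would not catch it. A synchronous probe placed before the start line would surface the problem: `su - $PGUSER -c ": >>'$PGLOG'" || { echo "failed: $PGUSER cannot write $PGLOG"; exit 1; }`. The start arm in contrib/start-scripts/freebsd prints `' postgresql'` the same way; the restart arm here begins outside the second hunk.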

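--- a/contrib/start-scripts/osx/PostgreSQL
+++ b/contrib/start-scripts/osx/PostgreSQL
@@ -81,9 +81,9 @@ StartService () {
 if [ "${POSTGRESQL:=-NO-}" = "-YES-" ]; then
 ConsoleMessage "Starting PostgreSQL database server"
 if [ "${ROTATELOGS}" = "1" ]; then
-sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' &" 2>&1 | ${LOGUTIL} "${PGLOG}" ${ROTATESEC} &
+sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' 2>&1 | ${LOGUTIL} \"${PGLOG}\" ${ROTATESEC} &"
 else
-sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' &" >>"$PGLOG" 2>&1
+sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' >>\"$PGLOG\" 2>&1 &"
 fi
 fi
 }
@@ -100,9 +100,9 @@ RestartService () {
 sudo -u $PGUSER sh -c "$PGCTL stop -D '${PGDATA}' -s -m fast"
 # should match StartService:
 if [ "${ROTATELOGS}" = "1" ]; then
-sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' &" 2>&1 | ${LOGUTIL} "${PGLOG}" ${ROTATESEC} &
+sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' 2>&1 | ${LOGUTIL} \"${PGLOG}\" ${ROTATESEC} &"
 else
-sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' &" >>"$PGLOG" 2>&1
+sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' >>\"$PGLOG\" 2>&1 &"
 fi
 else
 StopService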
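Review bot: Nothing on the new lines records why the `>>` redirection and the `${LOGUTIL}` pipe have to stay inside the quoted `sh -c` string, so a later tidy-up could move them back outside and have root open $PGLOG again. A comment above each `if [ "${ROTATELOGS}" = "1" ]` block would guard against that regression, for example `# Open $PGLOG as $PGUSER, never as root: $PGUSER can replace it with a symlink (CVE-2017-12172).` The existing `# should match StartService:` comment shows the block is duplicated, so the comment is needed in both StartService and RestartService. Both functions begin outside their hunks, and RestartService continues past the end of the second one.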
