author | Noah Misch <noah@leadboat.com> | 2014-03-29 03:12:00 -0400 |
---|---|---|
committer | Noah Misch <noah@leadboat.com> | 2014-03-29 03:12:00 -0400 |
commit | 8f5578d0f9681ef81bc71a3762a191d66a29c8b1 (patch) | |
tree | 4e2af16d757e0ec53a61beb3e2f7bb3c766c677b /doc/src | |
parent | 31c6e54ec9abab0c63d709e492ef18a701b02641 (diff) | |
Revert "Secure Unix-domain sockets of "make check" temporary clusters."
About half of the buildfarm members use too-long directory names,
strongly suggesting that this approach is a dead end.
Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/regress.sgml | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/doc/src/sgml/regress.sgml b/doc/src/sgml/regress.sgml index f9319637b90..16b36211f3d 100644 --- a/doc/src/sgml/regress.sgml +++ b/doc/src/sgml/regress.sgml @@ -58,14 +58,21 @@ make check <warning> <para> - On systems lacking Unix-domain sockets, notably Windows, this test method - starts a temporary server configured to accept any connection originating - on the local machine. Any local user can gain database superuser - privileges when connecting to this server, and could in principle exploit - all privileges of the operating-system user running the tests. Therefore, - it is not recommended that you use <literal>make check</> on an affected - system shared with untrusted users. Instead, run the tests after - completing the installation, as described in the next section. + This test method starts a temporary server, which is configured to accept + any connection originating on the local machine. Any local user can gain + database superuser privileges when connecting to this server, and could + in principle exploit all privileges of the operating-system user running + the tests. Therefore, it is not recommended that you use <literal>make + check</> on machines shared with untrusted users. Instead, run the tests + after completing the installation, as described in the next section. + </para> + + <para> + On Unix-like machines, this danger can be avoided if the temporary + server's socket file is made inaccessible to other users, for example + by running the tests in a protected chroot. On Windows, the temporary + server opens a locally-accessible TCP socket, so filesystem protections + cannot help. </para> </warning> 
@@ -104,17 +111,6 @@ make MAX_CONNECTIONS=10 check </screen> runs no more than ten tests concurrently. </para> - - <para> - To protect your operating system user account, the test driver places the - server's socket in a relative subdirectory inaccessible to other users. - Since most systems constrain the length of socket paths well - below <literal>_POSIX_PATH_MAX</>, testing may fail to start from a - directory with a long name. Work around this problem by pointing - the <envar>PG_REGRESS_SOCK_DIR</> environment variable to a substitute - socket directory having a shorter path. On a multi-user system, give that - directory mode <literal>0700</>. - </para> </sect2> <sect2> |
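Review bot: In the regress.sgml hunk at @@ -58,14 +58,21 @@, the added second paragraph of the warning names the mitigation ("made inaccessible to other users, for example by running the tests in a protected chroot") without saying where the temporary server's socket file is created, so a reader cannot tell which directory has to be protected or check that it is. Suggest naming the socket location in that paragraph and stating the condition to verify, namely that no other local user can reach the socket file. The first paragraph's "accept any connection originating on the local machine" now applies to every platform, so the Unix paragraph is the only place a reader learns that filesystem permissions are the control; it should be concrete enough to act on.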
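Review bot: In the regress.sgml hunk at @@ -104,17 +111,6 @@, the removed paragraph was the only documentation of <envar>PG_REGRESS_SOCK_DIR</> and of the socket path length limit, and this diffstat is limited to doc/src, so it does not show whether the test driver code that read that variable is reverted in the same commit. Please confirm that no remaining code or documentation still refers to PG_REGRESS_SOCK_DIR after the revert. With this paragraph gone, the advice to give a socket directory mode 0700 on a multi-user system disappears as well, leaving the warning earlier in the file as the only guidance for shared machines.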