authorHeikki Linnakangas <heikki.linnakangas@iki.fi>2015-04-07 23:04:25 +0300
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>2015-04-07 23:05:25 +0300
commit8a06c36aff4a94e5ffc3876cd85a1a16a82c754e (patch)
tree88f983a406546a4c3164cbb01c710be160ed58bb /src
parent1cdf4d0b6ac41e200d904d3fe293e43e07fd3e3c (diff)
Fix process startup in pg_rewind.
Don't allow pg_rewind to run as root on Unix platforms, as any new or replaced files in the data directory would become owned by root. On Windows, it can run under a user that has Administrator rights, but a restricted token needs to be used. This is the same as what we do e.g. in pg_resetxlog. Also, add missing set_pglocale_pgservice() call, to fix localization. Michael Paquier and Fujii Masao
Diffstat (limited to 'src')
-rw-r--r--src/bin/pg_rewind/nls.mk2
-rw-r--r--src/bin/pg_rewind/pg_rewind.c17
2 files changed, 18 insertions, 1 deletions
diff --git a/src/bin/pg_rewind/nls.mk b/src/bin/pg_rewind/nls.mk
index e43f3b948f3..69e87d15fa1 100644
--- a/src/bin/pg_rewind/nls.mk
+++ b/src/bin/pg_rewind/nls.mk
@@ -1,7 +1,7 @@
# src/bin/pg_rewind/nls.mk
CATALOG_NAME = pg_rewind
AVAIL_LANGUAGES =
-GETTEXT_FILES = copy_fetch.c datapagemap.c fetch.c filemap.c libpq_fetch.c logging.c parsexlog.c pg_rewind.c timeline.c ../../common/fe_memutils.c ../../../src/backend/access/transam/xlogreader.c
+GETTEXT_FILES = copy_fetch.c datapagemap.c fetch.c filemap.c libpq_fetch.c logging.c parsexlog.c pg_rewind.c timeline.c ../../common/fe_memutils.c ../../common/restricted_token.c ../../../src/backend/access/transam/xlogreader.c
GETTEXT_TRIGGERS = pg_log pg_fatal report_invalid_record:2
GETTEXT_FLAGS = pg_log:2:c-format \
diff --git a/src/bin/pg_rewind/pg_rewind.c b/src/bin/pg_rewind/pg_rewind.c
index dda3a7988b1..04d6a464323 100644
--- a/src/bin/pg_rewind/pg_rewind.c
+++ b/src/bin/pg_rewind/pg_rewind.c
@@ -24,6 +24,7 @@
#include "access/xlog_internal.h"
#include "catalog/catversion.h"
#include "catalog/pg_control.h"
+#include "common/restricted_token.h"
#include "getopt_long.h"
#include "storage/bufpage.h"
@@ -102,6 +103,7 @@ main(int argc, char **argv)
TimeLineID endtli;
ControlFileData ControlFile_new;
+ set_pglocale_pgservice(argv[0], PG_TEXTDOMAIN("pg_rewind"));
progname = get_progname(argv[0]);
/* Process command-line arguments */
@@ -174,6 +176,21 @@ main(int argc, char **argv)
exit(1);
}
+ /*
+ * Don't allow pg_rewind to be run as root, to avoid overwriting the
+ * ownership of files in the data directory. We need only check for root
+ * -- any other user won't have sufficient permissions to modify files in
+ * the data directory.
+ */
+#ifndef WIN32
+ if (geteuid() == 0)
+ pg_fatal("cannot be executed by \"root\"\n"
+ "You must run %s as the PostgreSQL superuser.\n",
+ progname);
+#endif
+
+ get_restricted_token(progname);
+
/* Connect to remote server */
if (connstr_source)
libpqConnect(connstr_source);
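Review bot: The call `get_restricted_token(progname);` is a bare statement whose outcome is never checked, and the comment block above it explains only the Unix root check, so main() does not show what happens on Windows when the restricted token cannot be obtained. If the helper in common/restricted_token.c only reports the failure and returns (not visible in this diff, worth confirming), pg_rewind would go on to modify the data directory with full Administrator rights, which is the case the commit message says must be avoided. I would add a comment directly before the call, e.g. `/* On Windows, re-execute with a restricted token if started with Administrator rights */`, and state there whether a failure is fatal. main() starts and ends outside this hunk.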