1
0
mirror of https://github.com/postgres/postgres.git synced 2025-10-24 01:29:19 +03:00
Commit Graph

10 Commits

Author SHA1 Message Date
Noah Misch
ed546dd061 start-scripts: switch to $PGUSER before opening $PGLOG.
By default, $PGUSER has permission to unlink $PGLOG.  If $PGUSER
replaces $PGLOG with a symbolic link, the server will corrupt the
link-targeted file by appending log messages.  Since these scripts open
$PGLOG as root, the attack works regardless of target file ownership.

"make install" does not install these scripts anywhere.  Users having
manually installed them in the past should repeat that process to
acquire this fix.  Most script users have $PGLOG writable to root only,
located in $PGDATA.  Just before updating one of these scripts, such
users should rename $PGLOG to $PGLOG.old.  The script will then recreate
$PGLOG with proper ownership.

Reviewed by Peter Eisentraut.  Reported by Antoine Scemama.

Security: CVE-2017-12172
2017-11-06 07:11:13 -08:00
Heikki Linnakangas
3aee34d41d Fix typos in comments.
Backpatch to all supported versions, where applicable, to make backpatching
of future fixes go more smoothly.

Josh Soref

Discussion: https://www.postgresql.org/message-id/CACZqfqCf+5qRztLPgmmosr-B0Ye4srWzzw_mo4c_8_B_mtjmJQ@mail.gmail.com
2017-02-06 11:34:18 +02:00
Peter Eisentraut
220bb39dee doc: Reflect renaming of Mac OS X to OS X
bug #10528
2014-09-09 13:56:29 -04:00
Bruce Momjian
66d85c5356 Remove dead URL mention in OSX startup script
Backpatch to 9.3.

Per suggestion from Gavan Schneider
2013-09-04 17:04:33 -04:00
Tom Lane
6c8768c386 Fix overly-aggressive and inconsistent quoting in OS X start script.
Sidar Lopez, per bug #6310, with some additional improvements by me.
Back-patch to 9.0, where the issue was introduced.
2011-11-26 13:01:02 -05:00
Peter Eisentraut
fc946c39ae Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
Tom Lane
8f5500e6bd Make it reasonably safe to use pg_ctl to start the postmaster from a boot-time
script.

To do this, have pg_ctl pass down its parent shell's PID in an environment
variable PG_GRANDPARENT_PID, and teach CreateLockFile() to disregard that PID
as a false match if it finds it in postmaster.pid.  This allows us to cope
with one level of postgres-owned shell process even with pg_ctl in the way,
so it's just as safe as starting the postmaster directly.  You still have to
be careful about how you write the initscript though.

Adjust the comments in contrib/start-scripts/ to not deprecate use of
pg_ctl.  Also, fix the ROTATELOGS option in the OSX script, which was
indulging in exactly the sort of unsafe coding that renders this fix
pointless :-(.  A pipe inside the "sudo" will probably result in more
than one postgres-owned process hanging around.
2009-08-27 16:59:38 +00:00
Tom Lane
97e3a6e9c5 Remove inappropriate cd commands, per David Wheeler. Also make
the PATH responsive to the installation prefix, which was the apparent
intent of the previous edit, but not well executed.
2008-01-16 21:00:25 +00:00
Bruce Momjian
18e3992e56 Add standard error redirection for OS/X & darwin startup script.
Les Hill
2007-05-30 19:58:34 +00:00
Bruce Momjian
87a9473276 Update /contrib OS/X startup files, and move to a separate OS/X
directory.

Mark Cotner and David Fetter
2007-05-30 18:10:38 +00:00