database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-21 12:05:57 +03:00
Code
postgres/contrib/start-scripts/osx/PostgreSQL
Noah Misch ed546dd061 start-scripts: switch to $PGUSER before opening $PGLOG. 
By default, $PGUSER has permission to unlink $PGLOG.  If $PGUSER
replaces $PGLOG with a symbolic link, the server will corrupt the
link-targeted file by appending log messages.  Since these scripts open
$PGLOG as root, the attack works regardless of target file ownership.

"make install" does not install these scripts anywhere.  Users having
manually installed them in the past should repeat that process to
acquire this fix.  Most script users have $PGLOG writable to root only,
located in $PGDATA.  Just before updating one of these scripts, such
users should rename $PGLOG to $PGLOG.old.  The script will then recreate
$PGLOG with proper ownership.

Reviewed by Peter Eisentraut.  Reported by Antoine Scemama.

Security: CVE-2017-12172
2017-11-06 07:11:13 -08:00

113 lines
3.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
##
# PostgreSQL RDBMS Server
##
# PostgreSQL boot time startup script for OS X. To install, change
# the "prefix", "PGDATA", "PGUSER", and "PGLOG" variables below as
# necessary. Next, create a new directory, "/Library/StartupItems/PostgreSQL".
# Then copy this script and the accompanying "StartupParameters.plist" file
# into that directory. The name of this script file *must* be the same as the
# directory it is in. So you'll end up with these two files:
#
# /Library/StartupItems/PostgreSQL/PostgreSQL
# /Library/StartupItems/PostgreSQL/StartupParameters.plist
#
# Next, add this line to the /etc/hostconfig file:
#
# POSTGRESQL=-YES-
#
# The startup bundle will now be ready to go. To prevent this script from
# starting PostgreSQL at system startup, simply change that line in
# /etc/hostconfig back to:
#
# POSTGRESQL=-NO-
#
# Created by David Wheeler, 2002
# modified by Ray Aspeitia 12-03-2003 :
# added log rotation script to db startup
# modified StartupParameters.plist "Provides" parameter to make it easier to
# start and stop with the SystemStarter utility
# use the below command in order to correctly start/stop/restart PG with log rotation script:
# SystemStarter [start|stop|restart] PostgreSQL
################################################################################
## EDIT FROM HERE
################################################################################
# Installation prefix
prefix="/usr/local/pgsql"
# Data directory
PGDATA="/usr/local/pgsql/data"
# Who to run the postmaster as, usually "postgres". (NOT "root")
PGUSER="postgres"
# the logfile path and name (NEEDS to be writeable by PGUSER)
PGLOG="${PGDATA}/logs/logfile"
# do you want to rotate the log files, 1=true 0=false
ROTATELOGS=1
# logfile rotate in seconds
ROTATESEC="604800"
################################################################################
## STOP EDITING HERE
################################################################################
# The path that is to be used for the script
PATH="$prefix/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
# What to use to start up the postmaster. (If you want the script to wait
# until the server has started, you could use "pg_ctl start -w" here.
# But without -w, pg_ctl adds no value.)
DAEMON="$prefix/bin/postmaster"
# What to use to shut down the postmaster
PGCTL="$prefix/bin/pg_ctl"
# The apache log rotation utility
LOGUTIL="/usr/sbin/rotatelogs"
. /etc/rc.common
StartService () {
if [ "${POSTGRESQL:=-NO-}" = "-YES-" ]; then
ConsoleMessage "Starting PostgreSQL database server"
if [ "${ROTATELOGS}" = "1" ]; then
sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' 2>&1 | ${LOGUTIL} \"${PGLOG}\" ${ROTATESEC} &"
else
sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' >>\"$PGLOG\" 2>&1 &"
fi
fi
}
StopService () {
ConsoleMessage "Stopping PostgreSQL database server"
sudo -u $PGUSER sh -c "$PGCTL stop -D '${PGDATA}' -s -m fast"
}
RestartService () {
if [ "${POSTGRESQL:=-NO-}" = "-YES-" ]; then
ConsoleMessage "Restarting PostgreSQL database server"
# should match StopService:
sudo -u $PGUSER sh -c "$PGCTL stop -D '${PGDATA}' -s -m fast"
# should match StartService:
if [ "${ROTATELOGS}" = "1" ]; then
sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' 2>&1 | ${LOGUTIL} \"${PGLOG}\" ${ROTATESEC} &"
else
sudo -u $PGUSER sh -c "${DAEMON} -D '${PGDATA}' >>\"$PGLOG\" 2>&1 &"
fi
else
StopService
fi
}
RunService "$1"
View Git Blame Copy Permalink