> Tom Lane writes:
>
> > Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > > so it seems to make sure the real/saved uid matches the effective uid.
> > > Now, considering we don't use uid/euid distinction for anything, I agree
> > > it is useless and should be removed.
> >
> > No, it is NOT useless and must NOT be removed. The point of this little
> > machination is to be dead certain that we have given up root rights if
> > executed as setuid postgres. The scenario we're concerned about is
> > where real uid = root and effective uid = postgres.
>
> If effective uid = postgres, then this will execute setuid(postgres),
> which does nothing.

I am a little confused. BSD/OS manual page says:

    The setuid() function sets the real and effective user IDs and the
    saved set-user-ID of the current process to the specified value. The
    setuid() function is permitted if the specified ID is equal to the
    real user ID of the process, or if the effective user ID is that of
    the super user.
    ...
    If the user is not the super user, or the uid specified is not the
    real, effective ID, or saved ID, these functions return -1.

so why does your test work? Does your manual say something different?
If setuid() sets user/effective/saved to postgres, how can you get back
root?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
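
The two readings of setuid() argued over in this message can be compared without touching real credentials. The following is an added example, not part of the original thread or of the PostgreSQL source: it models the rule as the quoted BSD/OS manual page words it beside the POSIX saved-set-user-ID rule, for the scenario real uid = root, effective uid = postgres. The uid value 26 and all function and type names are assumptions made for the illustration.

```c
#include <stdio.h>

enum { ROOT_UID = 0, PG_UID = 26 };   /* 26 is a constructed uid for "postgres" */

typedef struct { unsigned ruid, euid, suid; } creds;   /* real, effective, saved */

/* Model of the quoted BSD/OS page (following its error sentence): allowed for
 * the superuser, or when uid matches the real, effective or saved ID.
 * On success all three IDs are replaced. */
int setuid_bsd(creds *c, unsigned uid) {
    if (c->euid != ROOT_UID && uid != c->ruid && uid != c->euid && uid != c->suid)
        return -1;
    c->ruid = c->euid = c->suid = uid;
    return 0;
}

/* Model of POSIX with saved set-user-IDs: only a privileged caller changes
 * all three IDs. Otherwise uid must equal the real or saved ID, and only
 * the effective ID changes. */
int setuid_posix(creds *c, unsigned uid) {
    if (c->euid == ROOT_UID) {
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid != c->ruid && uid != c->suid)
        return -1;
    c->euid = uid;
    return 0;
}

typedef int (*setuid_fn)(creds *, unsigned);

/* Drop to drop_to, then try to go back to root.
 * Returns 1 if root comes back, 0 if not, -1 if the drop itself failed. */
int can_regain_root(setuid_fn fn, creds start, unsigned drop_to) {
    if (fn(&start, drop_to) != 0)
        return -1;
    return fn(&start, ROOT_UID) == 0;
}

int main(void) {
    creds setuid_binary_run_by_root = { ROOT_UID, PG_UID, PG_UID };
    printf("BSD model:   root regained = %d\n",
           can_regain_root(setuid_bsd, setuid_binary_run_by_root, PG_UID));
    printf("POSIX model: root regained = %d\n",
           can_regain_root(setuid_posix, setuid_binary_run_by_root, PG_UID));
    return 0;
}
```

Under the BSD model the real uid is overwritten and root cannot be regained; under the POSIX model the real uid stays root, so a later setuid(0) succeeds, which is why code that must shed root should verify the real uid after the call rather than trust the return value alone.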