Re: Fix pg_rewind which can be run as root user

From	Magnus Hagander
Subject	Re: Fix pg_rewind which can be run as root user
Date
Msg-id	CABUevEx3hNEbBQ4dqsvA7u_t2A9oTfXH523ePWog05axZRZKCQ@mail.gmail.com
In response to	Fix pg_rewind which can be run as root user  (Michael Paquier <michael@paquier.xyz>)
Responses	Re: Fix pg_rewind which can be run as root user  (Peter Geoghegan <pg@bowt.ie>)
Re: Fix pg_rewind which can be run as root user  (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers
On Mon, Apr 9, 2018 at 7:11 AM, Michael Paquier <michael@paquier.xyz> wrote:
Hi all,

I was just going through pg_rewind's code, and noticed the following
pearl:
    /*
     * Don't allow pg_rewind to be run as root, to avoid overwriting the
     * ownership of files in the data directory. We need only check for root
     * -- any other user won't have sufficient permissions to modify files in
     * the data directory.
     */
#ifndef WIN32
    if (geteuid() == 0)
    {
        fprintf(stderr, _("cannot be executed by \"root\"\n"));
        fprintf(stderr, _("You must run %s as the PostgreSQL superuser.\n"),
                progname);
    }
#endif

While that's nice to inform the user about the problem, that actually
does not prevent pg_rewind from running as root.  Attached is a patch, which
needs a back-patch down to 9.5.

Seems simple enough and the right thing to do, but I wonder if we should really backpatch it. Yes, the behaviour is not great now, but there is also a non-zero risk of breaking people's automated failover scripts if we backpatch it, isn't there?


--
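The defect quoted above is that the root check reports the problem but falls through, so the program continues with an effective uid of 0 and can leave root-owned files in the data directory. The snippet below is an added illustration, not pg_rewind's code or the patch under discussion: the check is a hypothetical function `check_not_root()` whose return value the caller must act on, and `main()` terminates with `exit(1)` when it reports root, which is the behaviour the quoted block lacks. The `progname` string and the plain `fprintf` (instead of PostgreSQL's `_()` translation macro) are assumptions made for a stand-alone build.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (added example, not project code): report whether the
 * given effective uid is root. Taking the uid as a parameter instead of
 * calling geteuid() inside keeps the decision testable with any uid.
 * Returns 1 when the caller must refuse to continue, 0 otherwise.
 */
int check_not_root(uid_t euid, const char *progname)
{
    if (euid == 0)
    {
        fprintf(stderr, "cannot be executed by \"root\"\n");
        fprintf(stderr, "You must run %s as the PostgreSQL superuser.\n",
                progname);
        return 1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *progname = (argc > 0) ? argv[0] : "pg_rewind";

#ifndef WIN32
    /*
     * Printing the message is not enough: the process has to stop here,
     * otherwise everything after this point still runs as root.
     */
    if (check_not_root(geteuid(), progname))
        exit(1);
#endif

    printf("%s: running as uid %ld, continuing\n", progname,
           (long) geteuid());
    return 0;
}
```

Run as an unprivileged user the program continues; run with an effective uid of 0 it prints the two lines and exits with status 1, which is what a failover script wrapping the tool would observe after the fix. That exit status change, rather than the message, is what the back-patch discussion above is weighing.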
