mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-09 08:10:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
a49cf6ef3d
postgresql/contrib/start-scripts/freebsd
Noah Misch b500297680 start-scripts: switch to $PGUSER before opening $PGLOG. 
By default, $PGUSER has permission to unlink $PGLOG.  If $PGUSER
replaces $PGLOG with a symbolic link, the server will corrupt the
link-targeted file by appending log messages.  Since these scripts open
$PGLOG as root, the attack works regardless of target file ownership.

"make install" does not install these scripts anywhere.  Users having
manually installed them in the past should repeat that process to
acquire this fix.  Most script users have $PGLOG writable to root only,
located in $PGDATA.  Just before updating one of these scripts, such
users should rename $PGLOG to $PGLOG.old.  The script will then recreate
$PGLOG with proper ownership.

Reviewed by Peter Eisentraut.  Reported by Antoine Scemama.

Security: CVE-2017-12172
2017-11-06 07:11:13 -08:00

68 lines
1.5 KiB
Bash
Raw Blame History

#! /bin/sh
# PostgreSQL boot time startup script for FreeBSD. Copy this file to
# /usr/local/etc/rc.d/postgresql.
# Created through merger of the Linux start script by Ryan Kirkpatrick
# and the script in the FreeBSD ports collection.
# contrib/start-scripts/freebsd
## EDIT FROM HERE
# Installation prefix
prefix=/usr/local/pgsql
# Data directory
PGDATA="/usr/local/pgsql/data"
# Who to run the postmaster as, usually "postgres". (NOT "root")
PGUSER=postgres
# Where to keep a log file
PGLOG="$PGDATA/serverlog"
## STOP EDITING HERE
# The path that is to be used for the script
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# What to use to start up the postmaster. (If you want the script to wait
# until the server has started, you could use "pg_ctl start -w" here.
# But without -w, pg_ctl adds no value.)
DAEMON="$prefix/bin/postmaster"
# What to use to shut down the postmaster
PGCTL="$prefix/bin/pg_ctl"
# Only start if we can find the postmaster.
test -x $DAEMON ||
{
echo "$DAEMON not found"
exit 0
}
case $1 in
start)
su -l $PGUSER -c "$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
echo -n ' postgresql'
;;
stop)
su -l $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast"
;;
restart)
su -l $PGUSER -c "$PGCTL stop -D '$PGDATA' -s -m fast -w"
su -l $PGUSER -c "$DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
;;
status)
su -l $PGUSER -c "$PGCTL status -D '$PGDATA'"
;;
*)
# Print help
echo "Usage: `basename $0` {start|stop|restart|status}" 1>&2
exit 1
;;
esac
exit 0
Reference in New Issue View Git Blame Copy Permalink