author | Daniel Golle <daniel@makrotopia.org> | 2016-09-23 16:41:49 +0200 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2016-09-23 20:03:05 +0200 |
commit | 63120640e68829419d41b782669ec049110957ac (patch) | |
tree | a530398e62b46e8308d78bae2aa1e71f8234b7dd /libs/postgresql/patches | |
parent | 9622ec36dc020cc33bd2a73e6a508f40fa5dc68e (diff) |
postgresql: update to version 9.5.4 and major rework
* convert package build to use host-build for ecpg, pg_config and zic
* introduce /lib/functions/postgresql.sh to be used by packages
requiring a postgres database to exist as well as postgres' init
* no longer require shadow-su, patch pg_ctl to setuid() itself instead
* auto-create database directory if there is enough free space
* auto-create databases configured in UCI
* remove some dead uci config options
* grab maintainership
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'libs/postgresql/patches')
-rw-r--r-- | libs/postgresql/patches/900-pg_ctl-setuid.patch | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/libs/postgresql/patches/900-pg_ctl-setuid.patch b/libs/postgresql/patches/900-pg_ctl-setuid.patch
new file mode 100644
index 000000000..71ca2710e
--- /dev/null
+++ b/libs/postgresql/patches/900-pg_ctl-setuid.patch
@@ -0,0 +1,109 @@
+Index: postgresql-9.5.4/src/bin/pg_ctl/pg_ctl.c
+===================================================================
+--- postgresql-9.5.4.orig/src/bin/pg_ctl/pg_ctl.c
++++ postgresql-9.5.4/src/bin/pg_ctl/pg_ctl.c
+@@ -95,6 +95,7 @@ static char *event_source = NULL;
+ static char *register_servicename = "PostgreSQL"; /* FIXME: + version ID? */
+ static char *register_username = NULL;
+ static char *register_password = NULL;
++static char *username = "";
+ static char *argv0 = NULL;
+ static bool allow_core_files = false;
+ static time_t start_time;
+@@ -2114,6 +2115,9 @@ do_help(void)
+ #endif
+ printf(_(" -s, --silent only print errors, no informational messages\n"));
+ printf(_(" -t, --timeout=SECS seconds to wait when using -w option\n"));
++#if !defined(WIN32) && !defined(__CYGWIN__)
++ printf(_(" -U USERNAME user name of account PostgreSQL server is running as\n"));
++#endif
+ printf(_(" -V, --version output version information, then exit\n"));
+ printf(_(" -w wait until operation completes\n"));
+ printf(_(" -W do not wait until operation completes\n"));
+@@ -2310,6 +2314,7 @@ main(int argc, char **argv)
+ {"pgdata", required_argument, NULL, 'D'},
+ {"silent", no_argument, NULL, 's'},
+ {"timeout", required_argument, NULL, 't'},
++ {"username", required_argument, NULL, 'U'},
+ {"core-files", no_argument, NULL, 'c'},
+ {NULL, 0, NULL, 0}
+ };
+@@ -2350,20 +2355,6 @@ main(int argc, char **argv)
+ }
+ }
+
+- /*
+- * Disallow running as root, to forestall any possible security holes.
+- */
+-#ifndef WIN32
+- if (geteuid() == 0)
+- {
+- write_stderr(_("%s: cannot be run as root\n"
+- "Please log in (using, e.g., \"su\") as the "
+- "(unprivileged) user that will\n"
+- "own the server process.\n"),
+- progname);
+- exit(1);
+- }
+-#endif
+
+ env_wait = getenv("PGCTLTIMEOUT");
+ if (env_wait != NULL)
+@@ -2449,11 +2440,15 @@ main(int argc, char **argv)
+ wait_seconds_arg = true;
+ break;
+ case 'U':
++#if defined(WIN32) || defined(__CYGWIN__)
+ if (strchr(optarg, '\\'))
+ register_username = pg_strdup(optarg);
+ else
+ /* Prepend .\ for local accounts */
+ register_username = psprintf(".\\%s", optarg);
++#else
++ username = pg_strdup(optarg);
++#endif
+ break;
+ case 'w':
+ do_wait = true;
+@@ -2535,6 +2530,41 @@ main(int argc, char **argv)
+ exit(1);
+ }
+
++ /*
++ * Disallow running as root, to forestall any possible security holes.
++ */
++#if !defined(WIN32) && !defined(__CYGWIN__)
++ if (geteuid() == 0)
++ {
++ struct passwd *p;
++ if (!username || !strlen(username)) {
++ fprintf(stderr,
++ _("%s: when run as root, username needs to be provided\n"),
++ progname);
++ exit(1);
++ }
++ p = getpwnam(username);
++ if (!p) {
++ fprintf(stderr,
++ _("%s: invalid username: %s\n"),
++ progname, username);
++ exit(1);
++ }
++ if (!p->pw_uid) {
++ fprintf(stderr,
++ _("%s: user needs to be non-root\n"),
++ progname);
++ exit(1);
++ }
++ if (setgid(p->pw_gid) || setuid(p->pw_uid)) {
++ fprintf(stderr,
++ _("%s: failed to set user id %d: %d (%s)\n"),
++ progname, p->pw_uid, errno, strerror(errno));
++ exit(1);
++ }
++ }
++#endif
++
+ /* Note we put any -D switch into the env var above */
+ pg_config = getenv("PGDATA");
+ if (pg_config) |
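Review bot: The privilege drop added in the last inner hunk (`@@ -2535,6 +2530,41 @@`) calls only `setgid(p->pw_gid) || setuid(p->pw_uid)`, so the process keeps whatever supplementary groups root had when pg_ctl was started, and the server it launches would inherit them. Set the target account's group list before the other two calls, e.g. `if (initgroups(username, p->pw_gid) || setgid(p->pw_gid) || setuid(p->pw_uid)) {`; this needs `<grp.h>`, and the file's include list is outside the hunk. The failure message prints `p->pw_uid` with `%d` and says "user id" even when it was the group change that failed. The comment carried over above the block, "Disallow running as root", no longer describes it; `/* If started as root, switch to the unprivileged account given with -U; refuse to continue otherwise. */` would match the new behaviour. main() starts and ends outside the hunk.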