Commit c8989206 authored by Christoph Berg's avatar Christoph Berg

pg_ctlcluster: Protect against symlink in /var/log/postgresql/ allowing the...

pg_ctlcluster: Protect against symlink in /var/log/postgresql/ allowing the creation of arbitrary files elsewhere. Discovered by Dawid Golunski, thanks!
parent 30f0e420
......@@ -23,7 +23,7 @@ use warnings;
use Getopt::Long;
use POSIX qw/setsid dup2 setlocale LC_ALL :sys_wait_h/;
use PgCommon;
use Fcntl 'SEEK_SET';
use Fcntl qw(SEEK_SET O_RDWR O_CREAT O_EXCL);
my ($version, $cluster, $pg_ctl, $force);
my (@postgres_auxoptions, @pg_ctl_opts_from_cli);
......@@ -438,17 +438,20 @@ if ($> == 0 && ! -e '/var/log/postgresql' &&
# recreate missing log file
if ($action ne 'stop' && $info{'logfile'} && ! -e $info{'logfile'}) {
open L, '>', $info{'logfile'} or
if ($> == 0) { # drop privileges; this is important if logfile
# was determined via an /etc/postgresql/.../log symlink
change_ugid $info{'owneruid'}, $info{'ownergid'};
}
sysopen (L, $info{'logfile'}, O_RDWR|O_CREAT|O_EXCL) or
error 'Could not create log file ' . $info{'logfile'};
close L;
chmod 0640, $info{'logfile'};
my $g;
$< = $> = 0; # will silently fail if we were not root before, that's intended
$( = $) = 0;
if ($info{'owneruid'} < 500) {
$g = (getgrnam 'adm')[2];
} else {
$g = $info{'ownergid'};
my $g = (getgrnam 'adm')[2];
chown $info{'owneruid'}, $g, $info{'logfile'} if (defined $g);
}
chown $info{'owneruid'}, $g, $info{'logfile'};
close L;
}
# recreate /var/run/postgresql
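Review bot: The final `chown $info{'owneruid'}, $g, $info{'logfile'};` appears to run after root has been regained and after `close L`, so it acts on the path again rather than on the file sysopen just created; a path in a directory the cluster owner can write to may have been replaced in between, and chown follows symlinks. Keeping the handle open and changing ownership through it, `chown $info{'owneruid'}, $g, \*L;` followed by `close L;`, ties the root-side change to the created inode (Perl accepts a glob reference here where fchown(2) is available). The new side also seems to drop the old `if (defined $g)` guard, so a failed `getgrnam 'adm'` would pass an undefined gid; `$g = -1 unless defined $g;` leaves the group unchanged in that case. Old and new lines are interleaved on this page, so the ordering is read from print order and should be checked against the file.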
......