<warning>
<para>
- On systems lacking Unix-domain sockets, notably Windows, this test method
- starts a temporary server configured to accept any connection originating
- on the local machine. Any local user can gain database superuser
- privileges when connecting to this server, and could in principle exploit
- all privileges of the operating-system user running the tests. Therefore,
- it is not recommended that you use <literal>gmake check</> on an affected
- system shared with untrusted users. Instead, run the tests after
- completing the installation, as described in the next section.
+ This test method starts a temporary server, which is configured to accept
+ any connection originating on the local machine. Any local user can gain
+ database superuser privileges when connecting to this server, and could
+ in principle exploit all privileges of the operating-system user running
+ the tests. Therefore, it is not recommended that you use <literal>gmake
+ check</> on machines shared with untrusted users. Instead, run the tests
+ after completing the installation, as described in the next section.
+ </para>
+
+ <para>
+ On Unix-like machines, this danger can be avoided if the temporary
+ server's socket file is made inaccessible to other users, for example
+ by running the tests in a protected chroot. On Windows, the temporary
+ server opens a locally-accessible TCP socket, so filesystem protections
+ cannot help.
</para>
</warning>
</screen>
runs no more than ten tests concurrently.
</para>
-
- <para>
- To protect your operating system user account, the test driver places the
- server's socket in a relative subdirectory inaccessible to other users.
- Since most systems constrain the length of socket paths well
- below <literal>_POSIX_PATH_MAX</>, testing may fail to start from a
- directory with a long name. Work around this problem by pointing
- the <envar>PG_REGRESS_SOCK_DIR</> environment variable to a substitute
- socket directory having a shorter path. On a multi-user system, give that
- directory mode <literal>0700</>.
- </para>
</sect2>
<sect2>
static char *logfilename;
static FILE *logfile;
static char *difffilename;
-static char *sockdir;
static _resultmap *resultmap = NULL;
* the wrong postmaster, or otherwise behave in nondefault ways. (Note
* we also use psql's -X switch consistently, so that ~/.psqlrc files
* won't mess things up.) Also, set PGPORT to the temp port, and set
- * PGHOST depending on whether we are using TCP or Unix sockets.
+ * or unset PGHOST depending on whether we are using TCP or Unix
+ * sockets.
*/
unsetenv("PGDATABASE");
unsetenv("PGUSER");
if (hostname != NULL)
doputenv("PGHOST", hostname);
else
- {
- sockdir = getenv("PG_REGRESS_SOCK_DIR");
- if (!sockdir)
- {
- /*
- * Since initdb creates the data directory with secure
- * permissions, we place the socket there. This ensures no
- * other OS user can open our socket to exploit our use of
- * trust authentication. Compared to using the compiled-in
- * DEFAULT_PGSOCKET_DIR, this also permits testing to work in
- * builds that relocate it to a directory not writable to the
- * build/test user.
- */
- sockdir = malloc(strlen(temp_install) + sizeof("/data"));
- sprintf(sockdir, "%s/data", temp_install);
- }
- doputenv("PGHOST", sockdir);
- }
+ unsetenv("PGHOST");
unsetenv("PGHOSTADDR");
if (port != -1)
{
*/
header(_("starting postmaster"));
snprintf(buf, sizeof(buf),
- SYSTEMQUOTE "\"%s/postgres\" -D \"%s/data\" -F%s "
- "-c \"listen_addresses=%s\" -k \"%s\" "
- "> \"%s/log/postmaster.log\" 2>&1" SYSTEMQUOTE,
- bindir, temp_install, debug ? " -d 5" : "",
- hostname ? hostname : "", sockdir ? sockdir : "",
+ SYSTEMQUOTE "\"%s/postgres\" -D \"%s/data\" -F%s -c \"listen_addresses=%s\" > \"%s/log/postmaster.log\" 2>&1" SYSTEMQUOTE,
+ bindir, temp_install,
+ debug ? " -d 5" : "",
+ hostname ? hostname : "",
outputdir);
postmaster_pid = spawn_process(buf);
if (postmaster_pid == INVALID_PID)
projects / postgresql / commitdiff