From eedc75bfe1fc77b41c8da8cab45e32c3efcf5b08 Mon Sep 17 00:00:00 2001 From: "Marc G. Fournier" Date: Thu, 14 Nov 1996 20:49:09 +0000 Subject: [PATCH] Bring in Randy's NOROOT patch --- src/backend/main/main.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/backend/main/main.c b/src/backend/main/main.c index 4d2710b827..aa8d9836d5 100644 --- a/src/backend/main/main.c +++ b/src/backend/main/main.c @@ -7,17 +7,26 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.2 1996/11/08 05:56:27 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/main/main.c,v 1.3 1996/11/14 20:49:09 scrappy Exp $ * *------------------------------------------------------------------------- */ +#include #include +#include #include "postgres.h" #include "miscadmin.h" #include "bootstrap/bootstrap.h" /* for BootstrapMain() */ #include "tcop/tcopprot.h" /* for PostgresMain() */ #include "port-protos.h" /* for init_address_fixup() */ +#define NOROOTEXEC "\ +\n\"root\" execution of the PostgreSQL backend is not permitted\n\n\ +It is highly recommended that the backend be started under it's own userid\n\ +to prevent possible system security compromise. This can be accomplished\n\ +by placing the following command in the PostgreSQL startup script.\n\n\ +echo \"postmaster -B 256 >/var/log/pglog 2>&1 &\" | su - postgres\n\n" + int main(int argc, char *argv[]) { @@ -33,6 +42,12 @@ main(int argc, char *argv[]) /* use one executable for both postgres and postmaster, invoke one or the other depending on the name of the executable */ len = strlen(argv[0]); + + if (!geteuid()) { + fprintf(stderr, "%s", NOROOTEXEC); + exit(1); + } + if(len >= 10 && ! strcmp(argv[0] + len - 10, "postmaster")) exit(PostmasterMain(argc, argv)); -- 2.40.0