Re: setuid(geteuid());? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: setuid(geteuid());?
Msg-id 1719.987874153@sss.pgh.pa.us
In response to Re: setuid(geteuid());?  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: setuid(geteuid());?  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: setuid(geteuid());?  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Peter Eisentraut <peter_e@gmx.net> writes:
>> We want real uid
>> to become postgres as well --- otherwise our test to prevent execution
>> as root is a waste of time, because nefarious code could become root
>> again just by doing setuid.  See the setuid man page: if real uid is
>> root then setuid(root) will succeed.

> That is a valid concern, but the code doesn't actually prevent this.

After reading the setuid man page a third time, I think you are right.

On machines that have setreuid(), or even better setresuid(), we could
force the ruid (and suid for good measure) to match euid.  Otherwise we
probably should refuse to start unless getuid matches geteuid.

Hmm ... setresuid may be an HP-ism ... does anyone else have that?
setreuid appears to be a BSD-ism, so it ought to be reasonably popular.
        regards, tom lane
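
The start-up policy proposed in this message, sketched in C as an added example; it is not part of the original post and is not PostgreSQL code. The names `plan_uids` and `lock_uids` and the `have_setreuid` flag (standing in for a configure-time probe) are hypothetical, and uid 26 in the notes is a constructed sample value.

```c
/* Added example: hypothetical helpers, not taken from the PostgreSQL tree. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared here so the file builds whatever feature-test macros are active. */
int setreuid(uid_t ruid, uid_t euid);

enum uid_plan { UID_OK, UID_FIX, UID_REFUSE_ROOT, UID_REFUSE_MISMATCH };

/* Pure policy: what to do given the uids and whether setreuid() exists. */
enum uid_plan plan_uids(uid_t ruid, uid_t euid, int have_setreuid)
{
    if (euid == 0)
        return UID_REFUSE_ROOT;      /* the existing "never run as root" test */
    if (ruid == euid)
        return UID_OK;               /* real uid cannot be used to climb back */
    return have_setreuid ? UID_FIX : UID_REFUSE_MISMATCH;
}

/* Apply the policy to this process; 0 means it is safe to continue. */
int lock_uids(int have_setreuid)
{
    uid_t euid = geteuid();
    enum uid_plan plan = plan_uids(getuid(), euid, have_setreuid);

    if (plan == UID_REFUSE_ROOT || plan == UID_REFUSE_MISMATCH)
        return -1;
    if (plan == UID_FIX && setreuid(euid, euid) != 0)
        return -1;                   /* could not force ruid to match euid */

    /* Verify the outcome instead of trusting return codes: both ids must
       match, and regaining root (via a leftover real or saved uid) must fail. */
    if (getuid() != euid || geteuid() != euid)
        return -1;
    if (setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    int rc = lock_uids(1);
    printf("lock_uids: %s\n", rc == 0 ? "ok" : "refusing to start");
    return rc == 0 ? 0 : 1;
}
```

The final `setuid(0)` probe also covers a saved uid of root, the case the message handles with `setresuid()` "for good measure".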

