From 0b83c1f272165716d9c30911fbeab5dddca3ab18 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Fri, 22 Oct 2004 00:24:33 +0000
Subject: [PATCH] Prevent pg_ctl from being run as root.  Since it uses
 configuration files owned by postgres, doing "pg_ctl start" as root could
 allow a privilege escalation attack, as pointed out by iDEFENSE.  Of course
 the postmaster would fail, but we ought to fail a little sooner to protect
 sysadmins unfamiliar with Postgres.  The chosen fix is to disable root use of
 pg_ctl in all cases, just to be confident there are no other holes.

---
 src/bin/pg_ctl/pg_ctl.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/bin/pg_ctl/pg_ctl.sh b/src/bin/pg_ctl/pg_ctl.sh
index 0c7341bd9bc..168326d380f 100755
--- a/src/bin/pg_ctl/pg_ctl.sh
+++ b/src/bin/pg_ctl/pg_ctl.sh
@@ -8,7 +8,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/pg_ctl/Attic/pg_ctl.sh,v 1.30 2002/10/18 22:05:35 petere Exp $
+#    $Header: /cvsroot/pgsql/src/bin/pg_ctl/Attic/pg_ctl.sh,v 1.30.2.1 2004/10/22 00:24:33 tgl Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -110,6 +110,14 @@ fi
 
 po_path="$PGPATH/postmaster"
 
+if [ `$PGPATH/pg_id -u` -eq 0 ]
+then
+    echo "$CMDNAME: cannot be run as root" 1>&2
+    echo "Please log in (using, e.g., \"su\") as the (unprivileged) user that will" 1>&2
+    echo "own the server process." 1>&2
+    exit 1
+fi
+
 wait=
 wait_seconds=60
 logfile=
-- 
GitLab