From dfc015dcf46c1996bd7ed5866e9e045d258604b3 Mon Sep 17 00:00:00 2001
From: Noah Misch
Date: Mon, 6 Nov 2017 07:11:10 -0800
Subject: start-scripts: switch to $PGUSER before opening $PGLOG.

By default, $PGUSER has permission to unlink $PGLOG.  If $PGUSER
replaces $PGLOG with a symbolic link, the server will corrupt the
link-targeted file by appending log messages.  Since these scripts open
$PGLOG as root, the attack works regardless of target file ownership.

"make install" does not install these scripts anywhere.  Users having
manually installed them in the past should repeat that process to
acquire this fix.  Most script users have $PGLOG writable to root only,
located in $PGDATA.  Just before updating one of these scripts, such
users should rename $PGLOG to $PGLOG.old.  The script will then recreate
$PGLOG with proper ownership.

Reviewed by Peter Eisentraut.  Reported by Antoine Scemama.

Security: CVE-2017-12172
---
 contrib/start-scripts/linux | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'contrib/start-scripts/linux')

diff --git a/contrib/start-scripts/linux b/contrib/start-scripts/linux
index 44a775b0300..a7757162fc4 100644
--- a/contrib/start-scripts/linux
+++ b/contrib/start-scripts/linux
@@ -91,7 +91,7 @@ case $1 in
   start)
 	echo -n "Starting PostgreSQL: "
 	test -e "$PG_OOM_ADJUST_FILE" && echo "$PG_MASTER_OOM_SCORE_ADJ" > "$PG_OOM_ADJUST_FILE"
-	su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
+	su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 	echo "ok"
 	;;
   stop)
@@ -103,7 +103,7 @@ case $1 in
 	echo -n "Restarting PostgreSQL: "
 	su - $PGUSER -c "$PGCTL stop -D '$PGDATA' -s"
 	test -e "$PG_OOM_ADJUST_FILE" && echo "$PG_MASTER_OOM_SCORE_ADJ" > "$PG_OOM_ADJUST_FILE"
-	su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' &" >>$PGLOG 2>&1
+	su - $PGUSER -c "$DAEMON_ENV $DAEMON -D '$PGDATA' >>$PGLOG 2>&1 &"
 	echo "ok"
 	;;
   reload)
-- 
cgit v1.2.3