Re: How to change the pgsql source code and build it??

Поиск
Список
Период
Сортировка
От Kyotaro HORIGUCHI
Тема Re: How to change the pgsql source code and build it??
Дата
Msg-id 20140613.105936.184414267.horiguchi.kyotaro@lab.ntt.co.jp
обсуждение исходный текст
Ответ на Re: How to change the pgsql source code and build it??  (Shreesha <shreesha1988@gmail.com>)
Ответы Re: How to change the pgsql source code and build it??  (Fabrízio de Royes Mello <fabriziomello@gmail.com>)
Список pgsql-hackers
Hi,

> I need to port pgsql onto a controller which doesn't have a framework of
> creating multiple users for administrative purposes. The entire controller
> is managed by a single root user and that is the reason I am trying to
> change the pgsql initdb behavior. Do you think of any other better
> alternative?

The reason you didn't see initdb completed is that it execs
postgres on the way.

As you know, it is strongly discourged on ordinary environment,
but that framework sounds to be a single-user environment like
what MS-DOS was, where any security risk comes from the
characterisc is acceptable.

I could see initdb and postgres operating as root for the moment
(which means any possible side-effect is not checked) by making
changes at four point in the whole postgresql source
tree. Perhaps only two of them are needed for your wish.

postgresql $ find . -type f -print | xargs grep -nH 'geteuid() == 0'
./src/backend/main/main.c:377:  if (geteuid() == 0)
./src/bin/pg_ctl/pg_ctl.c:2121: if (geteuid() == 0)
./src/bin/initdb/initdb.c:778:  if (geteuid() == 0)                      /* 0 is root's uid */
./src/bin/pg_resetxlog/pg_resetxlog.c:250:      if (geteuid() == 0)

Try replacing these conditions with "(0 && geteuid() == 0)" and
you would see it run as root.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center



В списке pgsql-hackers по дате отправления:

Предыдущее
От: Shreesha
Дата:
Сообщение: Re: How to change the pgsql source code and build it??
Следующее
От: Noah Misch
Дата:
Сообщение: Re: Something flaky in the "relfilenode mapping" infrastructure