diff --git a/SOURCES/postgresql-setup b/SOURCES/postgresql-setup
index d41811f..3af2ff8 100755
--- a/SOURCES/postgresql-setup
+++ b/SOURCES/postgresql-setup
@@ -2,6 +2,38 @@
 #
 # postgresql-setup - Initialization and upgrade operations for PostgreSQL
+# For SELinux we need to use 'runuser' not 'su'
+if [ -x /sbin/runuser ]; then
+ SU=runuser
+else
+ SU=su
+fi
+
+if test "$(id -u)" -eq 0; then
+ cmd=
+ for v in PGSETUP_DEBUG PGSETUP_INITDB_OPTIONS PGSETUP_PGUPGRADE_OPTIONS; do
+ eval var_content=\$$v
+ test -z "$var_content" && continue
+ cmd+=$v="$(printf %q "$var_content") "
+ done
+ cmd+=$(printf %q "$(readlink -f "$0")")
+ for arg; do cmd+=" $(printf %q "$arg")" ; done
+ # Drop root privileges asap. It's not recommended to run postgresql-setup
+ # script under root nowadays; so we take the liberty to switch to the
+ # PostgreSQL admin user (by default 'postgres') without any other option.
+ exec $SU -s /bin/sh postgres -c "$cmd"
+fi
+
+die () { echo >&2 "$*"; exit 1; }
+
+test "$(id -u)" -eq 0 && exit 1
+
+# ensure privacy
+umask 0077
+
+: ${RESTORECON=/sbin/restorecon}
+test -x $RESTORECON || RESTORECON=:
+
 test x"$PGSETUP_DEBUG" != x && set -x
 # PGVERSION is the full package version, e.g., 9.0.2
@@ -20,6 +52,8 @@ PREVMAJORVERSION=xxxx
 # PREVPGENGINE is the directory containing the previous postmaster executable
 PREVPGENGINE=xxxx
+USER=postgres
+
 # Absorb configuration settings from the specified systemd service file,
 # or the default "postgresql" service if not specified
 SERVICE_NAME="$2"
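Review bot: The re-exec at `exec $SU -s /bin/sh postgres -c "$cmd"` hands a command line quoted by bash's `printf %q` to `/bin/sh`; `%q` can emit bash-only `$'...'` quoting for values containing non-printable characters, so the round-trip is only guaranteed where /bin/sh is bash (true on RHEL, and the script already depends on bash through `cmd+=` and the arrays used later). Pinning the interpreter, `exec $SU -s /bin/bash postgres -c "$cmd"`, makes that dependency explicit instead of accidental. Two smaller points in the same block: `test "$(id -u)" -eq 0 && exit 1` on the line after `die` is defined exits silently, and `test "$(id -u)" -eq 0 && die "refusing to run as root"` would say why; `test -x $RESTORECON` should quote `"$RESTORECON"`. A comment such as `# PGSETUP_* are root-supplied configuration, forwarded verbatim; the later eval of them relies on this` would stop the next reader from treating those values as untrusted input.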
@@ -99,46 +133,40 @@ PGUPLOG=/var/lib/pgsql/pgupgrade.log
 export PGDATA
 export PGPORT
-# For SELinux we need to use 'runuser' not 'su'
-if [ -x /sbin/runuser ]; then
- SU=runuser
-else
- SU=su
-fi
-
-SU_L_POSTGRES="$SU -s /bin/sh -l postgres"
-
 script_result=0
+test -w /var/lib/pgsql || {
+ echo >&2 $"The /var/lib/pgsql directory has wrong permissions."
+ echo >&2 $"Please make sure the directory is writable by postgres."
+ exit 1
+}
+
 # code shared between initdb and upgrade actions
 perform_initdb(){
 if [ ! -e "$PGDATA" ]; then
 mkdir "$PGDATA" || return 1
- chown postgres:postgres "$PGDATA"
- chmod go-rwx "$PGDATA"
 fi
- # Clean up SELinux tagging for PGDATA
- [ -x /sbin/restorecon ] && /sbin/restorecon "$PGDATA"
+ $RESTORECON "$PGDATA"
+ test -w "$PGDATA" || die "$PGDATA is not writeable by $USER"
 # Create the initdb log file if needed
- if [ ! -e "$PGLOG" -a ! -h "$PGLOG" ]; then
+ if [ ! -e "$PGLOG" ]; then
 touch "$PGLOG" || return 1
- chown postgres:postgres "$PGLOG"
- chmod go-rwx "$PGLOG"
- [ -x /sbin/restorecon ] && /sbin/restorecon "$PGLOG"
 fi
+ $RESTORECON "$PGLOG"
+ test -w "$PGLOG" || echo "$PGLOG is not writeable by $USER"
 # Initialize the database
- initdbcmd="$PGENGINE/initdb --pgdata='$PGDATA' --auth='ident'"
- initdbcmd+=" $PGSETUP_INITDB_OPTIONS"
+ initdbcmd=(
+ "$PGENGINE/initdb" --pgdata="$PGDATA"
+ --auth=ident
+ )
+ eval "initdbcmd+=( $PGSETUP_INITDB_OPTIONS )"
- $SU_L_POSTGRES -c "$initdbcmd" >> "$PGLOG" 2>&1 < /dev/null
+ "${initdbcmd[@]}" >> "$PGLOG" 2>&1 < /dev/null
- # Create directory for postmaster log files
 mkdir "$PGDATA/pg_log"
- chown postgres:postgres "$PGDATA/pg_log"
- chmod go-rwx "$PGDATA/pg_log"
- [ -x /sbin/restorecon ] && /sbin/restorecon "$PGDATA/pg_log"
+ $RESTORECON "$PGDATA/pg_log"
 if [ -f "$PGDATA/PG_VERSION" ]; then
 return 0
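Review bot: The two writability checks added to perform_initdb disagree: `test -w "$PGDATA" || die ...` aborts, but `test -w "$PGLOG" || echo "$PGLOG is not writeable by $USER"` prints to stdout and continues, so the `>> "$PGLOG"` redirection two lines later fails, initdb never runs, and the cause is buried in stdout. Use `test -w "$PGLOG" || die "$PGLOG is not writeable by $USER"`, or at minimum `echo >&2`. Dropping the old `! -h "$PGLOG"` guard looks intentional — with the script now running unprivileged, a symlink planted in the postgres-owned directory gains nothing the postgres user does not already have — but a comment such as `# no symlink check needed: we run as $USER, so a planted link cannot escalate` would record that reasoning. `$RESTORECON` run as an unprivileged user may lack permission to relabel and its exit status is ignored on all three calls; if that is deliberate best-effort, a comment saying so would help. perform_initdb continues past the end of this hunk.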
@@ -184,9 +212,7 @@ upgrade(){
 # Set up log file for pg_upgrade
 rm -f "$PGUPLOG"
 touch "$PGUPLOG" || exit 1
- chown postgres:postgres "$PGUPLOG"
- chmod go-rwx "$PGUPLOG"
- [ -x /sbin/restorecon ] && /sbin/restorecon "$PGUPLOG"
+ $RESTORECON "$PGUPLOG"
 # Move old DB to PGDATAOLD
 PGDATAOLD="${PGDATA}-old"
@@ -211,17 +237,22 @@ upgrade(){
 # Create empty new-format database
 if perform_initdb; then
+ eval "add_options=( $PGSETUP_PGUPGRADE_OPTIONS )"
 # Do the upgrade
- $SU_L_POSTGRES -c "$PGENGINE/pg_upgrade \
- '--old-bindir=$PREVPGENGINE' \
- '--new-bindir=$PGENGINE' \
- '--old-datadir=$PGDATAOLD' \
- '--new-datadir=$PGDATA' \
- --link \
- '--old-port=$PGPORT' '--new-port=$PGPORT' \
- --user=postgres \
- $PGSETUP_PGUPGRADE_OPTIONS" \
- >> "$PGUPLOG" 2>&1 < /dev/null
+ ( cd # pg_upgrade writes to $PWD
+ "$PGENGINE/pg_upgrade" \
+ --old-bindir="$PREVPGENGINE" \
+ --new-bindir="$PGENGINE" \
+ --old-datadir="$PGDATAOLD" \
+ --new-datadir="$PGDATA" \
+ --link \
+ --old-port="$PGPORT" \
+ --new-port="$PGPORT" \
+ --user=postgres \
+ "${add_options[@]}" \
+ >> "$PGUPLOG" 2>&1 < /dev/null
+ )
+
 if [ $? -ne 0 ]; then
 # pg_upgrade failed
 script_result=1
diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec
index e2f0b4d..ec523d3 100644
--- a/SPECS/postgresql.spec
+++ b/SPECS/postgresql.spec
@@ -63,7 +63,7 @@ Summary: PostgreSQL client programs
 Name: postgresql
 %global majorversion 9.2
 Version: 9.2.23
-Release: 1%{?dist}
+Release: 3%{?dist}
 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
 # recognizes it as an independent license, so we do as well.
@@ -1162,6 +1162,12 @@ fi
 %endif
 %changelog
+* Mon Nov 06 2017 Pavel Raiskup - 9.2.23-3
+- setup: keep PGSETUP_* variables after switching to not-privileged user
+
+* Mon Oct 23 2017 Pavel Raiskup - 9.2.23-2
+- fix CVE-2017-12172
+
 * Tue Aug 29 2017 Petr Kubat - 9.2.23-1
 - update to 9.2.23 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-23.html
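Review bot: `( cd # pg_upgrade writes to $PWD` relies on a bare `cd` to reach `$HOME`, but its result is never checked; if HOME is unset or unreachable the subshell keeps going and pg_upgrade writes its working files into whatever directory the script happened to be started from. Changing it to `( cd || exit 1 # pg_upgrade writes to $PWD` makes that failure surface through the `if [ $? -ne 0 ]` test that follows the subshell. `eval "add_options=( $PGSETUP_PGUPGRADE_OPTIONS )"` word-splits an environment variable through `eval`, which is acceptable only because the value is forwarded from root's environment by the re-exec at the top of the script; a comment such as `# PGSETUP_PGUPGRADE_OPTIONS is admin-supplied (forwarded by the root re-exec), not user input` would keep a future maintainer from loosening that. upgrade() begins before this hunk.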