Prevent pg_ctl from being run as root. Since it uses configuration files
Tom Lane <tgl@sss.pgh.pa.us>
Prevent pg_ctl from being run as root. Since it uses configuration files owned by postgres, doing "pg_ctl start" as root could allow a privilege escalation attack, as pointed out by iDEFENSE. Of course the postmaster would fail, but we ought to fail a little sooner to protect sysadmins unfamiliar with Postgres. The chosen fix is to disable root use of pg_ctl in all cases, just to be confident there are no other holes.
Files
| Path | Change | +/− |
|---|---|---|
| src/bin/pg_ctl/pg_ctl.sh | modified | +9 −1 |