Date: Thu, 08 Sep 2016 16:58:39 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 212490] databases/postgresql-repmgr weak permission and rc script fix Message-ID: <bug-212490-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212490 Bug ID: 212490 Summary: databases/postgresql-repmgr weak permission and rc script fix Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: bofh@freebsd.org Reporter: marck@FreeBSD.org Flags: maintainer-feedback?(bofh@freebsd.org) Assignee: bofh@freebsd.org recovery config, which includes connection password for superuser-class DB user) is created as world readable. Also, daemon would better run as pgsql user, and for safety by default in monitor only mode. Patch: marck@castor:/FreeBSD/ports/ports/databases/postgresql-repmgr> svn diff Index: Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- Makefile (revision 421565) +++ Makefile (working copy) @@ -3,6 +3,7 @@ PORTNAME=3D postgresql-repmgr PORTVERSION=3D 3.1.5 +PORTREVISION=3D 1 CATEGORIES=3D databases MASTER_SITES=3D http://www.repmgr.org/download/ DISTNAME=3D repmgr-${PORTVERSION} Index: files/patch-repmgr.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- files/patch-repmgr.c (revision 0) +++ files/patch-repmgr.c (working copy) @@ -0,0 +1,20 @@ + +$FreeBSD$ + +--- repmgr.c.orig ++++ repmgr.c +@@ -4414,10 +4414,14 @@ + FILE *recovery_file; + char recovery_file_path[MAXLEN]; + char line[MAXLEN]; ++ mode_t um; + + maxlen_snprintf(recovery_file_path, "%s/%s", data_dir, RECOVERY_COMMAND_FILE); + ++ um =3D umask(0); ++ umask(077); + recovery_file =3D fopen(recovery_file_path, "w"); ++ umask(um); + if (recovery_file =3D=3D NULL) + { + log_err(_("unable to create recovery.conf file at '%s'\n"), recovery_file_path); Property changes on: files/patch-repmgr.c ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/repmgrd.in =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- files/repmgrd.in (revision 421565) +++ files/repmgrd.in (working copy) @@ -22,12 +22,13 @@ load_rc_config $name : ${repmgrd_enable:=3D"NO"} +: ${repmgrd_user:=3D"pgsql"} : ${repmgrd_config=3D"%%PREFIX%%/etc/repmgr.conf"} command=3D%%PREFIX%%/sbin/${name} pidfile=3D/var/run/${name}.pid -command_args=3D"-p $pidfile -f $repmgrd_config" +command_args=3D"-m -d -p $pidfile -f $repmgrd_config" run_rc_command "$1" --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-212490-13>