[Bug 212490] databases/postgresql-repmgr weak permission and rc script fix

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Sep 8 16:58:39 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212490

            Bug ID: 212490
           Summary: databases/postgresql-repmgr weak permission and rc
                    script fix
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bofh at freebsd.org
          Reporter: marck at FreeBSD.org
             Flags: maintainer-feedback?(bofh at freebsd.org)
          Assignee: bofh at freebsd.org

recovery config, which includes connection password for superuser-class DB
user) is created as world readable.

Also, daemon would better run as pgsql user, and for safety by default in
monitor only mode.

Patch:

marck at castor:/FreeBSD/ports/ports/databases/postgresql-repmgr> svn diff
Index: Makefile
===================================================================
--- Makefile    (revision 421565)
+++ Makefile    (working copy)
@@ -3,6 +3,7 @@

 PORTNAME=      postgresql-repmgr
 PORTVERSION=   3.1.5
+PORTREVISION=  1
 CATEGORIES=    databases
 MASTER_SITES=  http://www.repmgr.org/download/
 DISTNAME=      repmgr-${PORTVERSION}
Index: files/patch-repmgr.c
===================================================================
--- files/patch-repmgr.c        (revision 0)
+++ files/patch-repmgr.c        (working copy)
@@ -0,0 +1,20 @@
+
+$FreeBSD$
+
+--- repmgr.c.orig
++++ repmgr.c
+@@ -4414,10 +4414,14 @@
+       FILE       *recovery_file;
+       char            recovery_file_path[MAXLEN];
+       char            line[MAXLEN];
++      mode_t          um;
+
+       maxlen_snprintf(recovery_file_path, "%s/%s", data_dir,
RECOVERY_COMMAND_FILE);
+
++      um = umask(0);
++      umask(077);
+       recovery_file = fopen(recovery_file_path, "w");
++      umask(um);
+       if (recovery_file == NULL)
+       {
+               log_err(_("unable to create recovery.conf file at '%s'\n"),
recovery_file_path);

Property changes on: files/patch-repmgr.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: files/repmgrd.in
===================================================================
--- files/repmgrd.in    (revision 421565)
+++ files/repmgrd.in    (working copy)
@@ -22,12 +22,13 @@
 load_rc_config $name

 : ${repmgrd_enable:="NO"}
+: ${repmgrd_user:="pgsql"}
 : ${repmgrd_config="%%PREFIX%%/etc/repmgr.conf"}

 command=%%PREFIX%%/sbin/${name}
 pidfile=/var/run/${name}.pid

-command_args="-p $pidfile -f $repmgrd_config"
+command_args="-m -d -p $pidfile -f $repmgrd_config"

 run_rc_command "$1"

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list