401719 – Late version of the dev-db/postgresql-server-9.1.2-r1 impairs usage, locks shutdown

Bug 401719 - Late version of the dev-db/postgresql-server-9.1.2-r1 impairs usage, locks shutdown

Summary: Late version of the dev-db/postgresql-server-9.1.2-r1 impairs usage, locks sh...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-02-01 00:05 UTC by Giampaolo Tomassoni
Modified:	2012-02-01 08:19 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch for the problems in the init script (postgresql-9.1-init-script-locks-shutdown-impairs-startup.patch,1.04 KB, patch) 2012-02-01 00:06 UTC, Giampaolo Tomassoni	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Giampaolo Tomassoni 2012-02-01 00:05:43 UTC

A couple of big troubles are afflicting the /etc/init.d/postgresql-9.1 file shipped with the package.

1) it enforces to rwxrwx--- the access attributes of the /var/run/postgresql dir, such that only processes belonging to the postgres user and/or group can access the postgresql socket. Permission should instead be at least rwxrwx--x (0771);

2) it confuses the start-stop-daemon --wait parameter (which is in milliseconds) with the --retry one (in which "wait time" is in seconds), thereby making a brick of every and each gentoo box in which the postgresql server should be "rudely" shut down;

Reproducible: Always

Comment 1 Giampaolo Tomassoni 2012-02-01 00:06:39 UTC

Created attachment 300577 [details, diff]
Patch for the problems in the init script

This is a small patch for the reported problems.

Comment 2 Aaron W. Swenson gentoo-dev

2012-02-01 00:35:54 UTC

(In reply to comment #0)
> A couple of big troubles are afflicting the /etc/init.d/postgresql-9.1 file
> shipped with the package.
> 
> 1) it enforces to rwxrwx--- the access attributes of the /var/run/postgresql
> dir, such that only processes belonging to the postgres user and/or group can
> access the postgresql socket. Permission should instead be at least rwxrwx--x
> (0771);

The 770 permissions are inline with the post-install instructions and Gentoo documentation. It is a security feature, not a bug.

> 2) it confuses the start-stop-daemon --wait parameter (which is in
> milliseconds) with the --retry one (in which "wait time" is in seconds),
> thereby making a brick of every and each gentoo box in which the postgresql
> server should be "rudely" shut down;

The wrong revision was stabilized by the AMD AT. Move up to -r2 and it'll be fixed.

Comment 3 Giampaolo Tomassoni 2012-02-01 08:19:54 UTC

(In reply to comment #2)

> It is a security feature, not a bug.

Are you going to put the same permissions to the lo interface? Because this way you would maximize the postgresql server security.

Too bad network interfaces don't have access permissions...


> The wrong revision was stabilized by the AMD AT. Move up to -r2 and it'll be
> fixed.

The box is an amb64 "stable" system. Actually dev-db/postgresql-server-9.1.2-r2 is masked out there. See:

[-P-] [ ~] dev-db/postgresql-server-9.1.2-r2:9.1

So, at least, the package fixing the timeout values of the init script wasn't put stable along with the one borrowing the new start-stop-daemon.

Besides, the start-stop-daemon man page now is wrong:


     These options are only used for stopping daemons:

     -R, --retry timeout | signal/timeout
             The retry specification can be either a timeout 
             in seconds or multiple signal/timeout pairs
             (like SIGTERM/5).