mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make restricted_exec feature for Windows more robust by using the environment

Browse Source 
to pass the flag instead of the command line - some implementations of
getopt fail if getopt arguments are present after non-getopt arguments.
This commit is contained in:
Andrew Dunstan 2006-02-24 02:02:41 +00:00
parent b5fe16d09f
commit 2b695717a7
1 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/bin/initdb/initdb.c
View File

@ -42,7 +42,7 @@
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* Portions taken from FreeBSD. * Portions taken from FreeBSD.
* *
* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.111 2006/02/24 00:55:49 adunstan Exp $ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.112 2006/02/24 02:02:41 adunstan Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -95,9 +95,6 @@ static char *authmethod = "";
static bool debug = false; static bool debug = false;
static bool noclean = false; static bool noclean = false;
static bool show_setting = false; static bool show_setting = false;
#ifdef WIN32
static bool restricted_exec = false;
#endif
/* internal vars */ /* internal vars */
@ -2428,9 +2425,6 @@ main(int argc, char *argv[])
{"auth", required_argument, NULL, 'A'}, {"auth", required_argument, NULL, 'A'},
{"pwprompt", no_argument, NULL, 'W'}, {"pwprompt", no_argument, NULL, 'W'},
{"pwfile", required_argument, NULL, 9}, {"pwfile", required_argument, NULL, 9},
#ifdef WIN32
{"restrictedexec", no_argument, NULL, 10},
#endif
{"username", required_argument, NULL, 'U'}, {"username", required_argument, NULL, 'U'},
{"help", no_argument, NULL, '?'}, {"help", no_argument, NULL, '?'},
{"version", no_argument, NULL, 'V'}, {"version", no_argument, NULL, 'V'},
@ -2450,6 +2444,9 @@ main(int argc, char *argv[])
* environment */ * environment */
char bin_dir[MAXPGPATH]; char bin_dir[MAXPGPATH];
char *pg_data_native; char *pg_data_native;
#ifdef WIN32
char *restrict_env;
#endif
static const char *subdirs[] = { static const char *subdirs[] = {
"global", "global",
"pg_xlog", "pg_xlog",
@ -2540,11 +2537,6 @@ main(int argc, char *argv[])
case 9: case 9:
pwfilename = xstrdup(optarg); pwfilename = xstrdup(optarg);
break; break;
#ifdef WIN32
case 10:
restricted_exec = true;
break;
#endif
case 's': case 's':
show_setting = true; show_setting = true;
break; break;
@ -2556,6 +2548,7 @@ main(int argc, char *argv[])
} }
} }
/* Non-option argument specifies data directory */ /* Non-option argument specifies data directory */
if (optind < argc) if (optind < argc)
{ {
@ -2644,16 +2637,18 @@ main(int argc, char *argv[])
* Before we execute another program, make sure that we are running with a * Before we execute another program, make sure that we are running with a
* restricted token. If not, re-execute ourselves with one. * restricted token. If not, re-execute ourselves with one.
*/ */
if (!restricted_exec)
if ((restrict_env = getenv("PG_RESTRICT_EXEC")) == NULL
|| strcmp(restrict_env,"1") != 0)
{ {
PROCESS_INFORMATION pi; PROCESS_INFORMATION pi;
char *cmdline; char *cmdline;
ZeroMemory(&pi, sizeof(pi)); ZeroMemory(&pi, sizeof(pi));
cmdline = pg_malloc(strlen(GetCommandLine()) + 19); cmdline = xstrdup(GetCommandLine());
strcpy(cmdline, GetCommandLine());
strcat(cmdline, " --restrictedexec"); putenv("PG_RESTRICT_EXEC=1");
if (!CreateRestrictedProcess(cmdline, &pi)) if (!CreateRestrictedProcess(cmdline, &pi))
{ {