16053: Use setuidgid instead of sudo to drop privileges.
[arvados.git] / lib / boot / postgresql.go
index a08180e0c39a51ad685c08fdb16707605fd33b20..df90f36af759d41f1d582aff217bce0ee1fed145 100644 (file)
@@ -81,8 +81,13 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
                if err != nil {
                        return err
                }
-               args = append([]string{"-u", "postgres", prog}, args...)
-               prog = "sudo"
+               // We can't use "sudo -u" here because it creates an
+               // intermediate process that interferes with our
+               // ability to reliably kill postgres. The setuidgid
+               // program just calls exec without forking, so it
+               // doesn't have this problem.
+               args = append([]string{"postgres", prog}, args...)
+               prog = "setuidgid"
        }
        err = super.RunProgram(ctx, super.tempdir, nil, nil, prog, args...)
        if err != nil {
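Review bot: The new lines change the privilege-drop semantics, not just the wrapper binary: `sudo -u postgres` resets the environment and sets HOME/USER/LOGNAME for the target account, whereas daemontools' setuidgid only calls setgid/setuid (and, in the stock daemontools version, reduces supplementary groups to the account's primary gid) and then execs with the caller's environment untouched, so postgres now inherits root's HOME and other variables. Worth recording in the comment so nobody later assumes the sudo-style sanitization still happens, e.g. `// Unlike sudo, setuidgid keeps our environment (HOME, PATH, ...) as-is and only changes uid/gid.` Also, `setuidgid` is not present by default on most systems (it ships with daemontools) and the bare name is presumably resolved via PATH inside RunProgram, so a missing package surfaces only as an exec failure; a one-line note naming the required package, or an up-front lookup with a clearer error, would help. The same change appears in the second hunk (the `iamroot` branch) and the same note applies there. The enclosing Run method starts before and continues after this hunk.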
@@ -112,8 +117,8 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
                        "-p", super.cluster.PostgreSQL.Connection["port"],
                }
                if iamroot {
-                       args = append([]string{"-u", "postgres", prog}, args...)
-                       prog = "sudo"
+                       args = append([]string{"postgres", prog}, args...)
+                       prog = "setuidgid"
                }
                fail(super.RunProgram(ctx, super.tempdir, nil, nil, prog, args...))
        }()