ayaports/backports/postgresql15/unix_socket_directories.patch

29 lines
1.1 KiB
Diff

Using /tmp for sockets allows everyone to spoof a PostgreSQL server. Thus use
/run/postgresql/ for "system" clusters which run as 'postgres' (user
clusters will still use /tmp). Since system cluster are by far the common case,
set it as default.
This is inspired by Fedora and Debian patches.
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -63,7 +63,7 @@
#port = 5432 # (change requires restart)
#max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
-#unix_socket_directories = '/tmp' # comma-separated list of directories
+unix_socket_directories = '/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
--- a/src/include/pg_config_manual.h
+++ b/src/include/pg_config_manual.h
@@ -201,7 +201,7 @@
* support them yet.
*/
#ifndef WIN32
-#define DEFAULT_PGSOCKET_DIR "/tmp"
+#define DEFAULT_PGSOCKET_DIR "/run/postgresql"
#else
#define DEFAULT_PGSOCKET_DIR ""
#endif