Re: pgsql/src/bin/initdb initdb.sh

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Peter Eisentraut - PostgreSQL <petere(at)hub(dot)org>
Cc: pgsql-committers(at)postgresql(dot)org
Subject: Re: pgsql/src/bin/initdb initdb.sh
Date: 2001-06-23 23:50:31
Message-ID: 200106232350.f5NNoV215724@candle.pha.pa.us
Lists: pgsql-committers, pgsql-hackers
> CVSROOT:	/home/projects/pgsql/cvsroot
> Module name:	pgsql
> Changes by:	petere(at)hub(dot)org	01/06/23 19:29:48
> 
> Modified files:
> 	src/bin/initdb : initdb.sh 
> 
> Log message:
> 	Don't use a temp file.  It was created insecurely and was easy to do without.

This brings up a question.  If I have pid 333 and someone creates a file
world-writable called /tmp/333, and I go and do:

	cat file >/tmp/$$

isn't another user now able to modify those temp file contents?  Is that
the insecurity you mentioned, Peter, and if so, how do you prevent this?

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
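
The following is an added example, not part of the original message or of the PostgreSQL sources. It reproduces the predictable-name situation asked about above inside a private scratch directory and contrasts it with two common safeguards, the shell's noclobber option and `mktemp`. The function names, the `initdb.XXXXXX` template and the planted file named `333` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Everything happens inside a private
# scratch directory; "333" stands in for the $$ value used in the message.

perms() { ls -ld "$1" | cut -c1-10; }          # e.g. -rw-rw-rw-

# Pattern from the message: plain ">" reuses whatever already sits at the path.
write_predictable() {                          # $1 = path, $2 = data
    printf '%s\n' "$2" >"$1"
}

# noclobber (set -C): ">" fails if the path already exists as a regular file.
write_exclusive() {                            # $1 = path, $2 = data
    ( set -C; umask 077; printf '%s\n' "$2" >"$1" ) 2>/dev/null
}

# mktemp: random name, created exclusively with owner-only permissions.
write_mktemp() {                               # $1 = dir, $2 = data; prints path
    f=$(mktemp "$1/initdb.XXXXXX") || return 1
    printf '%s\n' "$2" >"$f" && printf '%s\n' "$f"
}

# Constructed scenario: a file is planted at the predictable name first.
plant() {                                      # $1 = path
    : >"$1" && chmod 666 "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    plant "$dir/333"
    write_predictable "$dir/333" secret
    echo "predictable: $(perms "$dir/333")"    # keeps the planted file's mode
    if write_exclusive "$dir/333" secret; then echo "noclobber: wrote"
    else echo "noclobber: refused existing file"; fi
    safe=$(write_mktemp "$dir" secret)
    echo "mktemp: $(perms "$safe")"
    rm -rf "$dir"
}

demo
```

Truncating an existing file with `>` does not reset its permission bits, which is why the planted file stays world-writable after the write.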
