Re: About pg_upgrade

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: About pg_upgrade
Date: 2002-01-15 06:15:23
Message-ID: 200201150615.g0F6FNC17784@candle.pha.pa.us
Lists: pgsql-hackers

> > Still not sure about those temp files. People like to see a possible
> > exploit in every temp file.
>
> Well, yes, if you get the pid, you can create symlink files in /tmp and
> overwrite things. How do I handle this properly, probably a directory
> in /tmp that I create but I have to set my umask first -- is that a
> plan?

Forget what I said: you don't need to change the umask, just do:

trap "rm -rf /tmp/$$" 0 1 2 3 15
mkdir /tmp/$$ || exit 1

and you call all your temp files /tmp/$$/XXX, right? Once you create
the directory, you own it and no one else can write into there.

I just did a Google search and no one came up with this idea, though I
believe X11 uses /tmp directories for this exact reason, right?

I finally found one mention of it: Seems Suse uses it, but they did
'mkdir -p' which doesn't return an error if it fails so it was a
security problem itself:

http://groups.google.com/groups?q=tmp+security+race+directory+script+mkdir&hl=en&selm=bugtraq/Pine.LNX.4.30.0101170202040.15609-100000%40dent.suse.de&rnum=1

I just looked in /usr/bin on BSD/OS and found a whole bunch that do the
insecure /tmp/$$ trick I currently do in pg_upgrade:

#$ file `grep -l '\$\$' *` | grep shell
cvsbug: Bourne shell script text
igawk: Bourne shell script text
lorder: Bourne shell script text
mkdep: Bourne shell script text
pppattach: Korn shell script text
rcsfreeze: Bourne shell script text
sendbug: Bourne shell script text
uupick: Bourne shell script text

For example, cvsbug does:

[ -z "$TMPDIR" ] && TMPDIR=/tmp

TEMP=$TMPDIR/p$$
BAD=$TMPDIR/pbad$$
REF=$TMPDIR/pf$$

Bet everyone has that one on their system. :-)

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
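The trap/mkdir pattern from the message, run beside the 'mkdir -p' variant from the SuSE report, as an added example that is not part of the original post or of pg_upgrade. It plants a symlink at the name the script will use (the attack the quoted reply describes) and shows that a bare mkdir refuses the name while 'mkdir -p' accepts it and the script's "temp file" lands in the victim directory. The pgdemo.* path names and the -m 700 mode are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not code from pg_upgrade or the original post: the message's
# 'mkdir /tmp/$$ || exit 1' pattern beside the 'mkdir -p' variant from the
# SuSE report, both run against an attacker-planted symlink. All path names
# (pgdemo.*) are assumptions chosen for this demo.

TMPDIR=${TMPDIR:-/tmp}
# Same idea as the message's trap: whatever happens, remove what we made.
trap 'rm -rf "$TMPDIR"/pgdemo.*."$$"' 0 1 2 3 15

# Secure: a bare mkdir is an atomic create-or-fail. It never follows a symlink
# at the final path component, so if anyone got there first (directory, file
# or symlink) the call fails and the caller must stop. -m 700 avoids depending
# on the caller's umask (the message relies on the umask being sane).
make_tmpdir() {
    mkdir -m 700 "$1" || return 1
    printf '%s\n' "$1"
}

# Insecure: 'mkdir -p' reports success when the path already exists as a
# directory, and it follows symlinks when checking, so a planted link that
# points at a directory is silently accepted.
make_tmpdir_p() {
    mkdir -p "$1" || return 1
    printf '%s\n' "$1"
}

# Run both against a name the attacker has pre-empted. Prints three words:
# what the bare mkdir did, what 'mkdir -p' did, and whether a file written
# into the "temp dir" landed in the victim directory.
demo() {
    victim=$TMPDIR/pgdemo.victim.$$     # directory the attacker wants written to
    planted=$TMPDIR/pgdemo.planted.$$   # the predictable name the script will use
    mkdir -m 700 "$victim" || return 1
    ln -s "$victim" "$planted" || return 1

    if make_tmpdir "$planted" >/dev/null 2>&1; then secure=accepted; else secure=rejected; fi
    if make_tmpdir_p "$planted" >/dev/null 2>&1; then insecure=accepted; else insecure=rejected; fi

    # The script believes it owns $planted and drops its scratch file there...
    echo scratch > "$planted/work" 2>/dev/null || :
    if [ -f "$victim/work" ]; then landed=yes; else landed=no; fi

    rm -rf "$victim" "$planted"
    printf '%s %s %s\n' "$secure" "$insecure" "$landed"
}

# Fresh name, no attacker: the bare mkdir succeeds and the directory is 0700.
# Prints the mode column of 'ls -ld' (drwx------ for 0700).
fresh() {
    d=$(make_tmpdir "$TMPDIR/pgdemo.fresh.$$") || return 1
    [ -d "$d" ] || return 1
    mode=$(ls -ld "$d" | cut -c1-10)
    rm -rf "$d"
    printf '%s\n' "$mode"
}

demo
fresh
```

The point the check makes concrete: the safety of the pattern comes from mkdir's create-or-fail semantics, not from the pid being hard to guess. $$ is predictable, so the attacker can plant the name; the script still cannot be made to write through it, it can only be made to exit, which is what the `|| exit 1` is for. 'mkdir -p' throws that guarantee away, which is exactly the SuSE bug the message cites.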
