From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org> |
Subject: | Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh |
Date: | 2001-06-25 17:01:15 |
Message-ID: | Pine.LNX.4.30.0106251859210.724-100000@peter.localdomain |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
Bruce Momjian writes:
> > To securely create a temp file in shell you need to use mktemp(1), or do
> > something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> > Needless to say, it's tricky.
>
> Wow, that symlink is a bad one. I don't see mktemp(1) on bsd/os, only
> mktemp(3). I do see it on FreeBSD.
>
> Good thing I don't have other shell users on my system. I do cat
> >/tmp/$$ all the time in scripts.
I see we have temp file vulnerabilities in genbki.sh and Gen_fmgrtab.sh as
well. I'll try to fix them.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
From | Date | Subject | |
---|---|---|---|
Next Message | Vince Vielhaber | 2001-06-25 18:43:20 | [WEBMASTER] 'www/html devel-contrib.html' |
Previous Message | Vince Vielhaber | 2001-06-25 16:45:44 | [WEBMASTER] 'www/html devel-contrib.html' |
From | Date | Subject | |
---|---|---|---|
Next Message | Hannu Krosing | 2001-06-25 17:19:25 | Re: Multi-entry indexes (with a view to XPath queries) |
Previous Message | Peter Eisentraut | 2001-06-25 16:34:03 | Re: AW: AW: AW: [PATCH] Re: Setuid functions |