Quick Links

Re: Securing "make check" (CVE-2014-0067)

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Noah Misch <noah(at)leadboat(dot)com>
Cc:	Andrew Dunstan <andrew(at)dunslane(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Securing "make check" (CVE-2014-0067)
Date:	2014-03-03 06:29:00
Message-ID:	15470.1393828140@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Noah Misch <noah(at)leadboat(dot)com> writes:
> Concerning the immediate fix for non-Windows systems, does any modern system
> ignore modes of Unix domain sockets? It appears to be a long-fixed problem:

What I was envisioning was that we'd be relying on the permissions of the
containing directory to keep out bad guys. Permissions on the socket
itself might be sufficient, but what does it save us to assume that?

regards, tom lane

In response to

Re: Securing "make check" (CVE-2014-0067) at 2014-03-02 22:38:38 from Noah Misch

Responses

Re: Securing "make check" (CVE-2014-0067) at 2014-03-03 07:50:21 from Stephen Frost
Re: Securing "make check" (CVE-2014-0067) at 2014-03-04 00:53:21 from Noah Misch

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Ronan Dunklau	2014-03-03 06:48:04	Re: Triggers on foreign tables
Previous Message	Pavel Stehule	2014-03-03 05:09:02	Re: proposal, patch: allow multiple plpgsql plugins