| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Securing "make check" (CVE-2014-0067) |
| Date: | 2014-03-07 05:17:47 |
| Message-ID: | 1783.1394169467@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Noah Misch <noah(at)leadboat(dot)com> writes:
> On Thu, Mar 06, 2014 at 12:44:34PM -0500, Tom Lane wrote:
>> I'm inclined to suggest that we should put the socket under $CWD by
>> default, but provide some way for the user to override that choice.
>> If they want to put it in /tmp, it's on their head as to how secure
>> that is. On most modern platforms it'd be fine.
> I am skeptical about the value of protecting systems with non-sticky /tmp, but
> long $CWD isn't of great importance, either. I'm fine with your suggestion.
> Though the $CWD or one of its parents could be world-writable, that would
> typically mean an attacker could just replace the test cases directly.
If the build tree is world-writable, that is clearly Not Our Fault.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2014-03-07 06:18:46 | Re: API change advice: Passing plan invalidation info from the rewriter into the planner? |
| Previous Message | Claudio Freire | 2014-03-07 05:17:03 | Re: atexit_callback can be a net negative |