Re: Support custom socket directory in pg_upgrade

From: Noah Misch <noah(at)leadboat(dot)com>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Support custom socket directory in pg_upgrade
Date: 2018-12-07 07:10:08
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-hackers

On Sat, Nov 17, 2018 at 10:15:08PM +0100, Daniel Gustafsson wrote:
> > On 15 Nov 2018, at 22:42, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Further point about that: pg_regress's method of creating a temp
> > directory under /tmp is secure only on machines with the stickybit
> > set on /tmp; otherwise it's possible for an attacker to rename the
> > temp dir out of the way and inject his own socket. We agreed that
> > that was an okay risk to take for testing purposes, but I'm much
> > less willing to assume that it's okay for production use with
> > pg_upgrade.
> That’s a good point, it’s not an assumption I’d be comfortable with when it
> deals with system upgrades.

As in, I
maintain that insecure /tmp is not worth worrying about in any part of

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2018-12-07 07:15:08 Re: Should new partitions inherit their tablespace from their parent?
Previous Message myungkyu.lim 2018-12-07 06:45:59 RE: [Todo item] Add entry creation timestamp column to pg_stat_replication