Re: Possible make_oidjoins_check Security Issue
Bruce Momjian <pgman@candle.pha.pa.us>
From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Neil Conway <neilc@samurai.com>, Rod Taylor <pg@rbt.ca>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2004-10-26T14:47:40Z
Lists: pgsql-hackers
Tom Lane wrote: > Neil Conway <neilc@samurai.com> writes: > > On Wed, 2004-10-20 at 06:18, Rod Taylor wrote: > >> http://secunia.com/advisories/12860/ > > > This seems like a rather inconsequential problem, > > Indeed, since ordinary users have no use for make_oidjoins_check. > It's surely very implausible that anyone would run it as root; and > even if someone did, the attacker cannot control what gets written. > > > but it should be fixed. The first two ideas that come to mind: use > > temporary files in $PWD rather than /tmp, or create a subdirectory in > > /tmp to use for the temporary files. > > I believe that the subdirectory idea is also vulnerable without great > care. I believe the proper way to handle this is a new directory under /tmp. I use this in my local scripts: TMP=/tmp/$$ OMASK="`umask`" umask 077 if ! mkdir "$TMP" then echo "Can't create temporary directory $TMP." 1>&2 exit 1 fi umask "$OMASK" unset OMASK It basically makes sure it creates a new directory under /tmp with a umask that guarantees no one else can create a file in that directory. All temp files are accessed as $TMP/XXX. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073