Re: [HACKERS] Possible make_oidjoins_check Security Issue
Bruce Momjian <pgman@candle.pha.pa.us>
From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Neil Conway <neilc@samurai.com>, Rod Taylor <pg@rbt.ca>, PostgreSQL-patches <pgsql-patches@postgresql.org>
Date: 2004-11-03T22:45:59Z
Lists: pgsql-hackers
Attachments
- (unnamed) (text/plain)
Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > I believe the proper way to handle this is a new directory under /tmp. > > It's definitely not worth the trouble. I looked at what configure does > to make /tmp subdirectories portably, and it is spectacularly ugly > (not to mention long). If make_oidjoins_check were a user-facing tool > that would be one thing, but it isn't ... From a public relations perspective and a code reuse perspective I think we should create temporary tables securely. The attached applied patch fixes contrib/findoidjoins/make_oidjoins_check. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073