Re: [HACKERS] Possible make_oidjoins_check Security Issue

Bruce Momjian <pgman@candle.pha.pa.us>

From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Neil Conway <neilc@samurai.com>, Rod Taylor <pg@rbt.ca>, PostgreSQL-patches <pgsql-patches@postgresql.org>
Date: 2004-11-03T22:53:22Z
Lists: pgsql-hackers
Bruce Momjian wrote:
> Tom Lane wrote:
> > Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > > I believe the proper way to handle this is a new directory under /tmp. 
> > 
> > It's definitely not worth the trouble.  I looked at what configure does
> > to make /tmp subdirectories portably, and it is spectacularly ugly
> > (not to mention long).  If make_oidjoins_check were a user-facing tool
> > that would be one thing, but it isn't ...
> 
> >From a public relations perspective and a code reuse perspective I think
> we should create temporary tables securely.  The attached applied patch

                             ^^^^^^
                              files

> fixes contrib/findoidjoins/make_oidjoins_check.

Sorry, meant temporary files.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073