Re: [HACKERS] Possible make_oidjoins_check Security Issue
Bruce Momjian <pgman@candle.pha.pa.us>
From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Neil Conway <neilc@samurai.com>, Rod Taylor <pg@rbt.ca>, PostgreSQL-patches <pgsql-patches@postgresql.org>
Date: 2004-11-03T23:07:19Z
Lists: pgsql-hackers
Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > From a public relations perspective and a code reuse perspective I think > > we should create temporary tables securely. The attached applied patch > > fixes contrib/findoidjoins/make_oidjoins_check. > > ... and creates issues of its own, such as attempting an rm -rf on > something that it shouldn't. At the very least don't install the trap > until after creating the directory successfully. OK, moved. > I really think this is a waste of time though. The current code creates > the temp files in the current directory, and if the bad guy has write > access on that directory you are already screwed (for instance, what's > to stop him from altering the script file itself to do anything at all > when you run it?). I do not think that putting stuff back into /tmp is > an improvement; that just adds risks where none exist now. My method is secure, and I think we do have to handle this in a way that addresses the security concerns. It is easy to say no one would run this under normal use but that isn't really a safe answer for the security folks, I think. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073