Re: Securing "make check" (CVE-2014-0067)
YAMAMOTO Takashi <yamt@netbsd.org>
From: yamt@netbsd.org (YAMAMOTO Takashi)
To: noah@leadboat.com
Cc: bruce@momjian.us, tgl@sss.pgh.pa.us, pgsql-hackers@postgresql.org
Date: 2014-04-04T02:36:05Z
Lists: pgsql-hackers
> Thanks. To avoid socket path length limitations, I lean toward placing the > socket temporary directory under /tmp rather than placing under the CWD: > > http://www.postgresql.org/message-id/flat/20121129223632.GA15016@tornado.leadboat.com openvswitch has some tricks to overcome the socket path length limitation using symlink. (or procfs where available) iirc these were introduced for debian builds which use deep CWD. http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob;f=lib/socket- util.c;h=aa0c7196da9926de38b7388b8e28ead12e12913e;hb=HEAD look at shorten_name_via_symlink and shorten_name_via_proc. YAMAMOTO Takashi
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited