Re: Securing "make check" (CVE-2014-0067)
Christoph Berg <cb@df7cb.de>
From: Christoph Berg <cb@df7cb.de>
To: Noah Misch <noah@leadboat.com>
Cc: pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>,
Bruce Momjian <bruce@momjian.us>, Peter Eisentraut <peter_e@gmx.net>
Date: 2014-07-08T17:02:04Z
Lists: pgsql-hackers
Re: Noah Misch 2014-06-08 <20140608135713.GA525142@tornado.leadboat.com> > Here's an update that places the socket in a temporary subdirectory of /tmp. > The first attached patch adds NetBSD mkdtemp() to libpgport. The second, > principal, patch uses mkdtemp() to implement this design in pg_regress. The > corresponding change to contrib/pg_upgrade/test.sh is based on the "configure" > script's arrangements for its temporary directory. Hi, I believe pg_upgrade itself still needs a fix. While it's not a security problem to put the socket in $CWD while upgrading (it is using -c unix_socket_permissions=0700), this behavior is pretty unexpected, and does fail if your $CWD is > 107 bytes. In f545d233ebce6971b6f9847680e48b679e707d22 Peter fixed the pg_ctl perl tests to avoid that problem, so imho it would make even more sense to fix pg_upgrade which could also fail in production. This has been discussed here and elsewhere [1] before, but was rejected as not being in line what the other utilities do, but now pg_upgrade is the lone outlier. Noah's changes let Debian drop 4 out of 5 pg_regress-sockdir patches, having this fixed would also let us get rid of the last one [2]. [1] http://lists.debian.org/debian-wb-team/2013/05/msg00015.html [2] https://alioth.debian.org/scm/loggerhead/pkg-postgresql/postgresql-9.5/trunk/view/head:/debian/patches/64-pg_upgrade-sockdir Christoph -- cb@df7cb.de | http://www.df7cb.de/
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited