Re: Securing "make check" (CVE-2014-0067)
Noah Misch <noah@leadboat.com>
From: Noah Misch <noah@leadboat.com>
To: Christoph Berg <cb@df7cb.de>
Cc: pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>,
Bruce Momjian <bruce@momjian.us>, Peter Eisentraut <peter_e@gmx.net>
Date: 2014-07-08T17:41:25Z
Lists: pgsql-hackers
On Tue, Jul 08, 2014 at 07:02:04PM +0200, Christoph Berg wrote: > Re: Noah Misch 2014-06-08 <20140608135713.GA525142@tornado.leadboat.com> > > Here's an update that places the socket in a temporary subdirectory of /tmp. > > The first attached patch adds NetBSD mkdtemp() to libpgport. The second, > > principal, patch uses mkdtemp() to implement this design in pg_regress. The > > corresponding change to contrib/pg_upgrade/test.sh is based on the "configure" > > script's arrangements for its temporary directory. > > Hi, > > I believe pg_upgrade itself still needs a fix. While it's not a > security problem to put the socket in $CWD while upgrading (it is > using -c unix_socket_permissions=0700), this behavior is pretty > unexpected, and does fail if your $CWD is > 107 bytes. > > In f545d233ebce6971b6f9847680e48b679e707d22 Peter fixed the pg_ctl > perl tests to avoid that problem, so imho it would make even more > sense to fix pg_upgrade which could also fail in production. +1. Does writing that patch interest you? -- Noah Misch EnterpriseDB http://www.enterprisedb.com
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited