Re: Securing "make check" (CVE-2014-0067)

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: Alvaro Herrera <alvherre@2ndquadrant.com>
Cc: pgsql-hackers@postgresql.org
Date: 2014-03-01T16:24:46Z
Lists: pgsql-hackers
On Sat, Mar 01, 2014 at 12:48:08PM -0300, Alvaro Herrera wrote:
> I didn't check the patch in detail, but it seems to me that both the
> encode stuff as well as pgrand belong in src/common rather than
> src/port.

Since src/common exists only in 9.3 and up, that would mean putting them in
different libraries depending on the branch.  I did not think that worthwhile.

-- 
Noah Misch
EnterpriseDB                                 http://www.enterprisedb.com


Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Have config_sspi_auth() permit IPv6 localhost connections.

  2. Lock down regression testing temporary clusters on Windows.

  3. Use a separate temporary directory for the Unix-domain socket

  4. Secure Unix-domain sockets of "make check" temporary clusters.