Re: Securing "make check" (CVE-2014-0067)

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: PostgreSQL-development <pgsql-hackers@postgresql.org>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Andrew Dunstan <andrew@dunslane.net>, Magnus Hagander <magnus@hagander.net>
Date: 2014-03-04T15:09:27Z
Lists: pgsql-hackers
On Sun, Mar 02, 2014 at 05:38:38PM -0500, Noah Misch wrote:
> Concerning the immediate fix for non-Windows systems, does any modern system
> ignore modes of Unix domain sockets?  It appears to be a long-fixed problem:
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1402
> http://unix.stackexchange.com/questions/83032/which-systems-do-not-honor-socket-read-write-permissions
> 
> Nonetheless, it would be helpful for folks to test any rare platforms they
> have at hand.  Start a postmaster with --unix-socket-permissions=0000 and
> attempt to connect via local socket.  If psql gives something other than
> "psql: could not connect to server: Permission denied", please report it.

Some results are in.  Both Solaris 10 and omnios-6de5e81 (OmniOS v11 r151008)
ignore socket modes.  That justifies wrapping the socket in a directory.

-- 
Noah Misch
EnterpriseDB                                 http://www.enterprisedb.com


Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Have config_sspi_auth() permit IPv6 localhost connections.

  2. Lock down regression testing temporary clusters on Windows.

  3. Use a separate temporary directory for the Unix-domain socket

  4. Secure Unix-domain sockets of "make check" temporary clusters.