Re: Securing "make check" (CVE-2014-0067)

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Noah Misch <noah@leadboat.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@postgresql.org
Date: 2014-03-05T00:10:27Z
Lists: pgsql-hackers
On Sat, Mar  1, 2014 at 01:35:45PM -0500, Noah Misch wrote:
> Having that said, I can appreciate the value of tightening the socket mode for
> a bit of *extra* safety:
> 
> --- a/src/test/regress/pg_regress.c
> +++ b/src/test/regress/pg_regress.c
> @@ -2299,4 +2299,5 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc
>  		fputs("\n# Configuration added by pg_regress\n\n", pg_conf);
>  		fputs("max_prepared_transactions = 2\n", pg_conf);
> +		fputs("unix_socket_permissions = 0700\n", pg_conf);

Pg_upgrade has this exact same problem, and take the same approach.  You
might want to look in pg_upgrade/server.c.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +


Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Have config_sspi_auth() permit IPv6 localhost connections.

  2. Lock down regression testing temporary clusters on Windows.

  3. Use a separate temporary directory for the Unix-domain socket

  4. Secure Unix-domain sockets of "make check" temporary clusters.