Re: Securing "make check" (CVE-2014-0067)
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Noah Misch <noah@leadboat.com>
Cc: Andrew Dunstan <andrew@dunslane.net>,
Magnus Hagander <magnus@hagander.net>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2014-03-04T02:07:42Z
Lists: pgsql-hackers
I wrote: > Placing the socket anywhere besides the default location will require > setting PGHOST anyway, so I don't see that this argument holds much water. > The cleanup aspect is likewise not that exciting; pg_regress creates a lot > of stuff it doesn't remove. There's another point here, if you think back to the discussion as it stood before we noticed that there was a security problem. What was originally under discussion was making life easier for packagers who want to build with a default socket location like /var/run/postgresql/. In a build environment, that directory may not exist, and even if it does, there is no way that the build user should have write permission on it. So it is already the case that some packagers have to override the socket location if they want to do "make check" while packaging, and what we were originally on about was making that part of the normal pg_regress procedures instead of being something requiring patching. So, whether or not unix_socket_permissions would be a bulletproof security fix by itself, I'd still want to see some provisions made for putting the socket into a local directory during "make check". regards, tom lane
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited