Re: Securing "make check" (CVE-2014-0067)
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Noah Misch <noah@leadboat.com>
Cc: Bruce Momjian <bruce@momjian.us>, pgsql-hackers@postgresql.org
Date: 2014-03-06T17:44:34Z
Lists: pgsql-hackers
Noah Misch <noah@leadboat.com> writes: > Thanks. To avoid socket path length limitations, I lean toward placing the > socket temporary directory under /tmp rather than placing under the CWD: I'm not thrilled with that; it's totally insecure on platforms where /tmp isn't "sticky", so it doesn't seem like an appropriate solution given that this discussion is now being driven by security concerns. > http://www.postgresql.org/message-id/flat/20121129223632.GA15016@tornado.leadboat.com I re-read that thread. While we did fix the reporting end of it, ie the postmaster will now give you a clear failure message if your socket path is too long, that's going to be cold comfort to anyone who has to build in an environment they don't have much control over (such as my still-hypothetical-I-hope scenario about Red Hat package updates). I'm inclined to suggest that we should put the socket under $CWD by default, but provide some way for the user to override that choice. If they want to put it in /tmp, it's on their head as to how secure that is. On most modern platforms it'd be fine. regards, tom lane
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited