Re: Securing "make check" (CVE-2014-0067)
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Magnus Hagander <magnus@hagander.net>, Noah Misch <noah@leadboat.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2014-03-01T22:51:46Z
Lists: pgsql-hackers
On 03/01/2014 05:10 PM, Tom Lane wrote: > > One other thought here: is it actually reasonable to expend a lot of effort > on the Windows case? I'm not aware that people normally expect a Windows > box to have multiple users at all, let alone non-mutually-trusting users. As Stephen said, it's fairly unusual. There are usually quite a few roles, but it's rare to have more than one "human" type role connected to the machine at a given time. I'd be happy doing nothing in this case, or not very much. e.g. provide a password but not with great cryptographic strength. > > BTW, a different problem with the proposed patch is that it changes > some test cases in ecpg and contrib/dblink, apparently to avoid session > reconnections. That seems likely to me to be losing test coverage. > Perhaps there is no alternative, but I'd like to have some discussion > around that point as well. > > Yeah. Assuming we make the changes you're suggesting that should no longer be necessary, right? cheers andrew
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited