Re: Securing "make check" (CVE-2014-0067)
james <james@mansionfamily.plus.com>
From: james <james@mansionfamily.plus.com>
To: Magnus Hagander <magnus@hagander.net>, Noah Misch <noah@leadboat.com>
Cc: Andrew Dunstan <andrew@dunslane.net>, Tom Lane <tgl@sss.pgh.pa.us>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2014-03-02T18:54:06Z
Lists: pgsql-hackers
On 02/03/2014 15:30, Magnus Hagander wrote: > Terminal Services have definitely become more common over time, but > with faster and cheaper virtualization, a lot of people have switched > to that instead, which would remove the problem of course. > > I wonder how common it actually is, though, to *build postgres* on a > terminal services machine with other users on it... > Well, the banks I've contracted at recently are all rather keen on virtual desktops for developers, and some of those are terminal services. We're a headache, and packaging up all the things we need is a pain, so there is some mileage in buying grunty servers and doing specific installs that are then shared, rather than making an MSI generally available. Also I have experience of being given accounts for jenkins etc that are essentially terminal services logins, and having these things unable to maintain a software stack can effectively disqualify tech we would otherwise use.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Have config_sspi_auth() permit IPv6 localhost connections.
- 8d9cb0bc4834 9.5.0 cited
-
Lock down regression testing temporary clusters on Windows.
- f6dc6dd5ba54 9.5.0 cited
-
Use a separate temporary directory for the Unix-domain socket
- f545d233ebce 9.5.0 cited
-
Secure Unix-domain sockets of "make check" temporary clusters.
- be76a6d39e28 9.5.0 cited