Re: Securing "make check" (CVE-2014-0067)

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Noah Misch <noah@leadboat.com>, Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2014-03-02T20:12:27Z
Lists: pgsql-hackers
On 03/02/2014 01:27 PM, Tom Lane wrote:

> Also, to what extent does any of this affect buildfarm animals?  Whatever
> we do for "make check" will presumably make those tests safe for them,
> but how are the postmasters they test under "make installcheck" set up?
>

Nothing special.

    "bin/initdb" -U buildfarm --locale=$locale data-$locale
    ...
    "bin/pg_ctl" -D data-$locale -l logfile -w start


We have wide control over what's done, just let me know what's wanted. 
For example, it would be pretty simple to make it use a non-standard 
socket directory and turn tcp connections off on Unix, or to set up 
password auth for that matter, assuming we already have a strong password.

I generally assume that people aren't running buildfarm animals on 
general purpose multi-user machines, but it might be as well to take 
precautions.

cheers

andrew



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Have config_sspi_auth() permit IPv6 localhost connections.

  2. Lock down regression testing temporary clusters on Windows.

  3. Use a separate temporary directory for the Unix-domain socket

  4. Secure Unix-domain sockets of "make check" temporary clusters.