| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Neil Conway <neilc(at)samurai(dot)com>, Rod Taylor <pg(at)rbt(dot)ca>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
| Date: | 2004-11-03 22:55:33 |
| Message-ID: | 17913.1099522533@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> From a public relations perspective and a code reuse perspective I think
> we should create temporary tables securely. The attached applied patch
> fixes contrib/findoidjoins/make_oidjoins_check.
... and creates issues of its own, such as attempting an rm -rf on
something that it shouldn't. At the very least don't install the trap
until after creating the directory successfully.
I really think this is a waste of time though. The current code creates
the temp files in the current directory, and if the bad guy has write
access on that directory you are already screwed (for instance, what's
to stop him from altering the script file itself to do anything at all
when you run it?). I do not think that putting stuff back into /tmp is
an improvement; that just adds risks where none exist now.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Hallgren | 2004-11-03 23:06:42 | Re: UPDATE is not allowed in a non-volatile function |
| Previous Message | Bruce Momjian | 2004-11-03 22:53:22 | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-11-03 23:07:19 | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
| Previous Message | Bruce Momjian | 2004-11-03 22:53:22 | Re: [HACKERS] Possible make_oidjoins_check Security Issue |