| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut - PostgreSQL <petere(at)hub(dot)org> |
| Cc: | pgsql-committers(at)postgresql(dot)org |
| Subject: | Re: pgsql/src/bin/initdb initdb.sh |
| Date: | 2001-06-23 23:50:31 |
| Message-ID: | 200106232350.f5NNoV215724@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
> CVSROOT: /home/projects/pgsql/cvsroot
> Module name: pgsql
> Changes by: petere(at)hub(dot)org 01/06/23 19:29:48
>
> Modified files:
> src/bin/initdb : initdb.sh
>
> Log message:
> Don't use a temp file. It was created insecurely and was easy to do without.
This brings up a question. If I have pid 333 and someone creates a file
world-writable called /tmp/333, and I go and do:
cat file >/tmp/$$
isn't another user now able to modify those temp file contents. Is that
the insecurity you mentioned Peter, and if so, how do you prevent this?
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian - CVS | 2001-06-24 02:41:21 | pgsql/src backend/parser/parse_coerce.c backen ... |
| Previous Message | Peter Eisentraut - PostgreSQL | 2001-06-23 23:29:48 | pgsql/src/bin/initdb initdb.sh |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-24 00:47:28 | Re: [PATCH] Re: Setuid functions |
| Previous Message | btoback | 2001-06-23 23:37:37 | Instrumenting and Logging in JDBC |