From: | Martin Pitt <martin(at)piware(dot)de> |
---|---|
To: | PostgreSQL Bugs <pgsql-bugs(at)postgresql(dot)org> |
Cc: | 291962(at)bugs(dot)debian(dot)org |
Subject: | Insecure temporary file usage in developer/build tools |
Date: | 2005-01-24 21:57:49 |
Message-ID: | 20050124215749.GA3676@box79162.elkhouse.de |
Lists: | pgsql-bugs |
Hi PostgreSQL developers!
Debian's security audit team recently reviewed PostgreSQL for insecure
temporary file usage and found that a lot of the developer tools and
also some build tools are vulnerable to symlink attacks.
Please see
for the detailed report and a proposed patch. However, the patch
mostly relies on mktemp and/or tempfile, which might not be available
on all platforms that PostgreSQL supports, so the patch should be
regarded as a pointer to the issues, not as their solution.
In many cases the usage of a temporary file is not necessary in the
first place and can be replaced by piping (as I did with
src/test/bench/perquery) or "OUTPUT=$(program args)" constructs. If
neither is possible, then the script should at least be run with "set
-o noclobber" (or "#!/bin/sh -C", which does the same).
Apart from the Debian-specific issues of the bug report (which I
already fixed), the following files were found to be vulnerable:
Used in build, fixed for Debian (see attached patch):
postgresql-7.4.6/src/backend/catalog/genbki.sh
postgresql-7.4.6/src/test/bench/perquery
Not shipped in the Debian package, since it is useless:
postgresql-7.4.6/contrib/pg_upgrade/pg_upgrade
Not used anywhere in the source, not fixed in Debian package:
postgresql-7.4.6/src/include/catalog/duplicate_oids
postgresql-7.4.6/src/tools/ccsym
postgresql-7.4.6/src/tools/find_static
postgresql-7.4.6/src/tools/make_ctags
postgresql-7.4.6/src/tools/make_etags
postgresql-7.4.6/src/tools/pgtest
postgresql-7.4.6/src/tools/pginclude/pgcompinclude
postgresql-7.4.6/src/tools/pginclude/pgdefine
postgresql-7.4.6/src/tools/pginclude/pgfixinclude
postgresql-7.4.6/src/tools/pginclude/pgrminclude
postgresql-7.4.6/src/tools/pgindent/pgcppindent
postgresql-7.4.6/src/tools/pgindent/pgindent
postgresql-7.4.6/src/tools/pgindent/pgjindent
postgresql-7.4.6/contrib/tools/add-emacs-variables
Most of the tools are irrelevant for the sake of package building and
shipping, but they might be commonly used on PostgreSQL developers'
machines, so it might be a good idea to fix them eventually.
Thanks for considering and for your great work and have a nice day!
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org
Attachment | Content-Type | Size |
---|---|---|
15secure_tempfiles | text/plain | 1.4 KB |
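The attack class the message describes, and the two defences it recommends, re-created as an added example. This is not code from the e-mail, its attached patch, or PostgreSQL: it works in a throwaway directory under the current working directory (standing in for a world-writable /tmp), uses a predictable temp file name `genbki.tmp` as a placeholder for the `/tmp/foo.$$`-style names the listed scripts use, and the file names `victim.conf` and `words.txt` are constructed for the demo.

```shell
#!/bin/sh
# Added demonstration, not from the original message or from PostgreSQL.
# Shows (1) a shell redirect `> $TMP` following an attacker-planted symlink
# and truncating the link's target, (2) `set -o noclobber` (the same as
# `#!/bin/sh -C`) turning that into a refused redirect, and (3) the
# "OUTPUT=$(program args)" construct that needs no temp file at all.

# Sandbox standing in for /tmp. Absolute so the planted symlink target
# resolves regardless of the link's own directory. Constructed for the demo.
SANDBOX="$(pwd)/tmpfile_demo.$$"

# Attacker step: guess the predictable temp path and plant a symlink there
# pointing at a file the attacker wants clobbered with the victim's privileges.
plant_symlink() {   # plant_symlink <predictable_tmp_path> <target_file>
    ln -s "$2" "$1"
}

# Vulnerable pattern: `>` opens the path, follows the symlink and truncates
# the target. No error, no trace.
vulnerable_write() {   # vulnerable_write <tmp_path>
    echo "scratch data" > "$1"
}

# Hardened pattern: with noclobber set, `>` refuses to open a path that
# already exists (a symlink counts), so the redirect fails instead of
# overwriting the target. The subshell keeps the option from leaking out.
noclobber_write() {   # noclobber_write <tmp_path>
    ( set -o noclobber; echo "scratch data" > "$1" ) 2>/dev/null
}

# Best pattern: do not create a temp file. Capture the pipeline's output in
# a variable, as the message suggests for scripts like perquery.
count_words_without_tempfile() {   # count_words_without_tempfile <file>
    OUTPUT=$(tr -s ' ' '\n' < "$1" | wc -l)
    echo "$OUTPUT" | tr -d ' '
}

# Runs the scenario end to end and reports what happened to the target.
run_demo() {
    rm -rf "$SANDBOX" && mkdir "$SANDBOX" || return 1
    victim="$SANDBOX/victim.conf"   # file the attacker wants overwritten
    tmp="$SANDBOX/genbki.tmp"       # predictable temp name, as in the scripts
    printf 'keep me\n' > "$victim"

    plant_symlink "$tmp" "$victim"
    vulnerable_write "$tmp"
    vuln_result=$(cat "$victim")    # target now holds "scratch data"

    printf 'keep me\n' > "$victim"  # reset the target; symlink still planted
    if noclobber_write "$tmp"; then
        safe_status=wrote
    else
        safe_status=refused
    fi
    safe_result=$(cat "$victim")    # target still holds "keep me"

    printf 'alpha beta gamma\n' > "$SANDBOX/words.txt"
    words=$(count_words_without_tempfile "$SANDBOX/words.txt")

    rm -rf "$SANDBOX"
    echo "vulnerable=$vuln_result noclobber=$safe_status target=$safe_result words=$words"
}
```

Run `run_demo` in a shell where this file has been sourced (or append a call to it): the report shows the target clobbered by the unprotected redirect, left intact under noclobber, and the word count produced with no temp file. Note that noclobber only stops the overwrite; the script still fails and an attacker can still deny service by planting the link, which is why the message prefers removing the temp file altogether.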