| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Securing "make check" (CVE-2014-0067) |
| Date: | 2014-03-03 07:50:21 |
| Message-ID: | 20140303075021.GG12995@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Noah Misch <noah(at)leadboat(dot)com> writes:
> > Concerning the immediate fix for non-Windows systems, does any modern system
> > ignore modes of Unix domain sockets? It appears to be a long-fixed problem:
>
> What I was envisioning was that we'd be relying on the permissions of the
> containing directory to keep out bad guys. Permissions on the socket
> itself might be sufficient, but what does it save us to assume that?
Agreed- the general approach to this, from what I've seen, is to handle
it with the directory.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fabien COELHO | 2014-03-03 07:51:22 | Re: gaussian distribution pgbench |
| Previous Message | Tom Lane | 2014-03-03 07:00:23 | Re: Securing "make check" (CVE-2014-0067) |