From: | Christoph Berg <cb(at)df7cb(dot)de> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us>, Noah Misch <noah(at)leadboat(dot)com>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net> |
Subject: | Re: Securing "make check" (CVE-2014-0067) |
Date: | 2014-07-11 09:40:09 |
Message-ID: | 20140711094009.GB3115@msg.df7cb.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Re: To Bruce Momjian 2014-07-11 <20140711093923(dot)GA3115(at)msg(dot)df7cb(dot)de>
> Re: Bruce Momjian 2014-07-08 <20140708202114(dot)GD9466(at)momjian(dot)us>
> > > > > I believe pg_upgrade itself still needs a fix. While it's not a
> > > > > security problem to put the socket in $CWD while upgrading (it is
> > > > > using -c unix_socket_permissions=0700), this behavior is pretty
> > > > > unexpected, and does fail if your $CWD is > 107 bytes.
> > > > >
> > > > > In f545d233ebce6971b6f9847680e48b679e707d22 Peter fixed the pg_ctl
> > > > > perl tests to avoid that problem, so imho it would make even more
> > > > > sense to fix pg_upgrade which could also fail in production.
> > > >
> > > > +1. Does writing that patch interest you?
> > >
> > > I'll give it a try once I've finished this CF review.
> >
> > OK. Let me know if you need help.
>
> Here's the patch. Proposed commit message:
>
> Create pg_upgrade sockets in temp directories
>
> pg_upgrade used to use the current directory for UNIX sockets to
> access the old/new cluster. This fails when the current path is
> > 107 bytes. Fix by reusing the tempdir code from pg_regress
> introduced in be76a6d39e2832d4b88c0e1cc381aa44a7f86881. For cleanup,
> we need to remember up to two directories.
Uh... now really.
Christoph
--
cb(at)df7cb(dot)de | http://www.df7cb.de/
Attachment | Content-Type | Size |
---|---|---|
pg_upgrade_socket_in_tmp.patch | text/x-diff | 4.5 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Sawada Masahiko | 2014-07-11 09:43:43 | Re: add line number as prompt option to psql |
Previous Message | Christoph Berg | 2014-07-11 09:39:23 | Re: Securing "make check" (CVE-2014-0067) |