| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: CVE-2016-1238 fix breaks (at least) pg_rewind tests |
| Date: | 2016-09-08 21:04:40 |
| Message-ID: | 20160908210440.vs22nia2nportdxr@alap3.anarazel.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2016-09-08 17:58:03 -0300, Alvaro Herrera wrote:
> Andres Freund wrote:
>
> > ISTM that the easiest fix is to just tack -I '$(srcdir)' into the prove
> > flags like:
> > PROVE = @PROVE@
> > PG_PROVE_FLAGS = -I $(top_srcdir)/src/test/perl/ -I '$(srcdir)'
> > PROVE_FLAGS = --verbose
> >
> > I don't think there's any security concerns for us here.
>
> Maybe not, but we could just as well use -I$(top_srcdir)/src/test/perl
> and not have to think about it.
That doesn't fix the issue - RewindTest is in src/bin/pg_rewind for
example. There's already an -I for /src/test/perl.
> But we have other .pm's ... are there other things that would break once
> the fix for that problem propagates? I think the msvc stuff will break,
> for one.
check-world appears to mostly run (still doing so, but it's mostly
through everything relevant). I can't vouch for the windows stuff, and
the invocations indeed look vulnerable. I'm not sure if hte fix actually
matters on windows, given . is the default for pretty much everything
there.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-09-08 21:08:36 | Re: Re: GiST optimizing memmoves in gistplacetopage for fixed-size updates [PoC] |
| Previous Message | Alvaro Herrera | 2016-09-08 20:58:03 | Re: CVE-2016-1238 fix breaks (at least) pg_rewind tests |