| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Securing "make check" (CVE-2014-0067) |
| Date: | 2014-03-01 18:09:16 |
| Message-ID: | 5312224C.2080607@dunslane.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 03/01/2014 12:29 PM, Tom Lane wrote:
>
> In the case of Unix systems, there is a *far* simpler and more portable
> solution technique, which is to tell the test postmaster to put its socket
> in some non-world-accessible directory created by the test scaffolding.
+1 - I'm all for KISS.
>
> Of course that doesn't work for Windows, which is why we looked at the
> random-password solution. But I wonder whether we shouldn't use the
> nonstandard-socket-location approach everywhere else, and only use random
> passwords on Windows. That would greatly reduce the number of cases to
> worry about for portability of the password-generation code; and perhaps
> we could also push the crypto issue into reliance on some Windows-supplied
> functionality (though I'm just speculating about that part).
See for example
<http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx>
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2014-03-01 18:20:52 | Re: Securing "make check" (CVE-2014-0067) |
| Previous Message | Tom Lane | 2014-03-01 17:29:38 | Re: Securing "make check" (CVE-2014-0067) |