| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: danger of stats_temp_directory = /dev/shm |
| Date: | 2013-08-13 16:57:36 |
| Message-ID: | CAMkU=1y3cg0FqsHx9jt=O+zUhgEbQ-41Dq9=-m9LNbaqTuwmiw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Apr 25, 2013 at 8:24 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On 4/25/13 12:09 AM, Tom Lane wrote:
>> I think we need it fixed to reject any stats_temp_directory that is not
>> postgres-owned with restrictive permissions. The problem here is not
>> with what it deletes, it's with the insanely insecure configuration.
>
> Yeah, the requirements should be similar to what initdb requires for
> PGDATA and pg_xlog.
Is this a blocker for 9.3?
If it is a concern of not what is deleted but rather that someone can
inject a poisoned stats file into the directory, does it need to be
back-patched all the way, as that could be done before the split
patch?
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2013-08-13 17:24:32 | Re: How to create read-only view on 9.3 |
| Previous Message | 'Bruce Momjian' | 2013-08-13 16:49:33 | Re: 9.3 release notes suggestions |