Re: getuid() vs geteuid() - Mailing list pgsql-hackers

From Simon Riggs
Subject Re: getuid() vs geteuid()
Date
Msg-id 1105221314.3803.61.camel@localhost.localdomain
Whole thread Raw
In response to getuid() vs geteuid()  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: getuid() vs geteuid()
List pgsql-hackers
On Sat, 2005-01-08 at 12:44 -0500, Tom Lane wrote:
> I notice that several uses of getuid() have snuck into the code, mostly
> in relatively-recently-added SSL code.  I assert that these all are
> wrong and should be checking geteuid().  Is anyone going to complain
> that we need an RC5 to change this?

No, but increased security is only possible via increased transparency.

We should explain clearly any such change made in the name of security,
then document it in Developer's FAQ to make sure such problems do not
recur. 

-- 
Best Regards, Simon Riggs



pgsql-hackers by date:

Previous
From: Tony Caduto
Date:
Subject: Re: Delphi+pqsql
Next
From: Tom Lane
Date:
Subject: Re: getuid() vs geteuid()