Home > mailing lists

Re: [HACKERS] Possible make_oidjoins_check Security Issue - Mailing list pgsql-patches

From	Tom Lane
Subject	Re: [HACKERS] Possible make_oidjoins_check Security Issue
Date	November 4, 2004 02:34:31
Msg-id	18308.1099524859@sss.pgh.pa.us Whole thread Raw
In response to	Re: [HACKERS] Possible make_oidjoins_check Security Issue (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses	Re: [HACKERS] Possible make_oidjoins_check Security Issue
List	pgsql-patches

Tree view

Bruce Momjian <pgman@candle.pha.pa.us> writes:
>> I think Tom's fix adequately addresses the security concerns. Exactly
>> what is wrong with writing to the current working directory?

> Because it could be run from a directory where others have write
> permission.

In which case, they could also change the findoidjoins script itself.
I think your fix is *less* secure than what you replaced.

However, I've already wasted more than enough time on this issue...
I'm done arguing about it.

            regards, tom lane

pgsql-patches by date:

From: Bruce Momjian
Date: 04 November 2004, 02:28:40
Subject: Re: [HACKERS] Possible make_oidjoins_check Security Issue

From: Bruce Momjian
Date: 04 November 2004, 02:42:46
Subject: Re: [HACKERS] Possible make_oidjoins_check Security Issue

Re: [HACKERS] Possible make_oidjoins_check Security Issue - Mailing list pgsql-patches

Previous

Next