Re: SECURITY: psql allows symlink games in /tmp - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: SECURITY: psql allows symlink games in /tmp
Date
Msg-id 200011251428.JAA09526@candle.pha.pa.us
In response to SECURITY: psql allows symlink games in /tmp  (Andrew Bartlett <abartlet@pcug.org.au>)
List pgsql-hackers
> Looks like what I would have done if I knew C.
> 
> The only issue remaining is a policy issue as to if psql should call an
> editor in /tmp at all, considering the issues raised by the recent joe
> vulnerability, i.e. can we trust the editor not to do a crazy thing, like
> not creating a similarly predictable backup-file name etc.  It should at
> least be documented so that a more paranoid sys-admin can make sure that
> users use a private TMPDIR.

Not sure it is worth the addition.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
 

