Home > mailing lists

Re: pgsql/src/bin/initdb initdb.sh - Mailing list pgsql-committers

From	Bruce Momjian
Subject	Re: pgsql/src/bin/initdb initdb.sh
Date	June 23, 2001 23:03:17
Msg-id	200106232350.f5NNoV215724@candle.pha.pa.us Whole thread Raw
In response to	pgsql/src/bin/initdb initdb.sh (Peter Eisentraut - PostgreSQL <petere@hub.org>)
Responses	Re: pgsql/src/bin/initdb initdb.sh (Peter Eisentraut <peter_e@gmx.net>)
List	pgsql-committers

Tree view

> CVSROOT:    /home/projects/pgsql/cvsroot
> Module name:    pgsql
> Changes by:    petere@hub.org    01/06/23 19:29:48
>
> Modified files:
>     src/bin/initdb : initdb.sh
>
> Log message:
>     Don't use a temp file.  It was created insecurely and was easy to do without.

This brings up a question.  If I have pid 333 and someone creates a file
world-writable called /tmp/333, and I go and do:

    cat file >/tmp/$$

isn't another user now able to modify those temp file contents.  Is that
the insecurity you mentioned Peter, and if so, how do you prevent this?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

pgsql-committers by date:

From: Peter Eisentraut - PostgreSQL
Date: 23 June 2001, 22:29:54
Subject: pgsql/src/bin/initdb initdb.sh

From: Bruce Momjian - CVS
Date: 24 June 2001, 01:41:28
Subject: pgsql/src backend/parser/parse_coerce.c backen ...

Re: pgsql/src/bin/initdb initdb.sh - Mailing list pgsql-committers

Previous

Next