Home > mailing lists

Re: Securing "make check" (CVE-2014-0067) - Mailing list pgsql-hackers

From	Noah Misch
Subject	Re: Securing "make check" (CVE-2014-0067)
Date	April 4, 2014 06:50:07
Msg-id	20140404034954.GD325418@tornado.leadboat.com Whole thread Raw
In response to	Re: Securing "make check" (CVE-2014-0067) (yamt@netbsd.org (YAMAMOTO Takashi))
Responses	Re: Securing "make check" (CVE-2014-0067) (yamt@netbsd.org (YAMAMOTO Takashi))
List	pgsql-hackers

Tree view

On Fri, Apr 04, 2014 at 02:36:05AM +0000, YAMAMOTO Takashi wrote:
> > Thanks.  To avoid socket path length limitations, I lean toward placing the
> > socket temporary directory under /tmp rather than placing under the CWD:
> > 
> > http://www.postgresql.org/message-id/flat/20121129223632.GA15016@tornado.leadboat.com
> 
> openvswitch has some tricks to overcome the socket path length
> limitation using symlink.  (or procfs where available)
> iirc these were introduced for debian builds which use deep CWD.

That's another reasonable approach.  Does it have a notable advantage over
placing the socket in a subdirectory of /tmp?  Offhand, the security and
compatibility consequences look similar.

-- 
Noah Misch
EnterpriseDB                                 http://www.enterprisedb.com

pgsql-hackers by date:

From: Tom Lane
Date: 04 April 2014, 06:44:55
Subject: Re: B-Tree support function number 3 (strxfrm() optimization)

From: Etsuro Fujita
Date: 04 April 2014, 07:35:33
Subject: A question about code in DefineRelation()

Re: Securing "make check" (CVE-2014-0067) - Mailing list pgsql-hackers

Previous

Next