Re: Possible make_oidjoins_check Security Issue - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Possible make_oidjoins_check Security Issue
Date
Msg-id 29784.1098245472@sss.pgh.pa.us
Whole thread Raw
In response to Re: Possible make_oidjoins_check Security Issue  (Neil Conway <neilc@samurai.com>)
Responses Re: Possible make_oidjoins_check Security Issue
Re: Possible make_oidjoins_check Security Issue
List pgsql-hackers
Neil Conway <neilc@samurai.com> writes:
> On Wed, 2004-10-20 at 06:18, Rod Taylor wrote:
>> http://secunia.com/advisories/12860/

> This seems like a rather inconsequential problem,

Indeed, since ordinary users have no use for make_oidjoins_check.
It's surely very implausible that anyone would run it as root; and
even if someone did, the attacker cannot control what gets written.

> but it should be fixed. The first two ideas that come to mind: use
> temporary files in $PWD rather than /tmp, or create a subdirectory in
> /tmp to use for the temporary files.

I believe that the subdirectory idea is also vulnerable without great
care.

My inclination so far as the Red Hat packages are concerned is simply to
omit the contrib/findoidjoins files from the installed RPMs.

The patch originally proposed by trustix involved using mktemp(1), which
would be a great fix if mktemp(1) weren't so laughably unportable :-(
But in any case it's hard to see why we are expending RPM distro space
on this script in the first place.  I suspect that no one on the planet
except Bruce and myself have ever actually run this script.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: Possible make_oidjoins_check Security Issue
Next
From: Tom Lane
Date:
Subject: Re: Possible make_oidjoins_check Security Issue