Home > mailing lists

Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh
Date	June 25, 2001 16:16:37
Msg-id	Pine.LNX.4.30.0106251859210.724-100000@peter.localdomain Whole thread Raw
In response to	Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses	Re: Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh
List	pgsql-hackers

Tree view

Bruce Momjian writes:

> > To securely create a temp file in shell you need to use mktemp(1), or do
> > something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> > Needless to say, it's tricky.
>
> Wow, that symlink is a bad one.  I don't see mktemp(1) on bsd/os, only
> mktemp(3).  I do see it on FreeBSD.
>
> Good thing I don't have other shell users on my system.  I do cat
> >/tmp/$$ all the time in scripts.

I see we have temp file vulnerabilities in genbki.sh and Gen_fmgrtab.sh as
well.  I'll try to fix them.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter

pgsql-hackers by date:

From: Peter Eisentraut
Date: 25 June 2001, 15:32:40
Subject: Re: AW: AW: AW: [PATCH] Re: Setuid functions

From: Mark Volpe
Date: 25 June 2001, 17:26:30
Subject: Re: [PATCH] Re: Setuid functions

Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh - Mailing list pgsql-hackers

Previous

Next