Thread: pgsql: Use temp files in current directory, not /tmp, to reduce security
pgsql: Use temp files in current directory, not /tmp, to reduce security
From
tgl@svr1.postgresql.org (Tom Lane)
Date:
Log Message: ----------- Use temp files in current directory, not /tmp, to reduce security risk while running this script. Modified Files: -------------- pgsql/contrib/findoidjoins: make_oidjoins_check (r1.4 -> r1.5) (http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/findoidjoins/make_oidjoins_check.diff?r1=1.4&r2=1.5)
On Thu, 2004-10-21 at 02:42, Tom Lane wrote: > Use temp files in current directory, not /tmp, to reduce security risk > while running this script. IMHO this should be backpatched to REL7_4_STABLE. -Neil
On Thu, 2004-10-21 at 12:51, Tom Lane wrote: > This is well out in the get-a-life region of security issues. Oh, absolutely, but if it's worth fixing at all, I think we may as well backpatch it to 7.4 -- for no other reason than the security advisories that are open right now can be closed. -Neil
Neil Conway <neilc@samurai.com> writes: > On Thu, 2004-10-21 at 02:42, Tom Lane wrote: >> Use temp files in current directory, not /tmp, to reduce security risk >> while running this script. > IMHO this should be backpatched to REL7_4_STABLE. Who exactly will ever use this script again against 7.4? This is well out in the get-a-life region of security issues. regards, tom lane