Thread: pgsql: Use temp files in current directory, not /tmp, to reduce security
pgsql: Use temp files in current directory, not /tmp, to reduce security
From
tgl@svr1.postgresql.org (Tom Lane)
Date:
Log Message:
-----------
Use temp files in current directory, not /tmp, to reduce security risk
while running this script.
Modified Files:
--------------
pgsql/contrib/findoidjoins:
make_oidjoins_check (r1.4 -> r1.5)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/findoidjoins/make_oidjoins_check.diff?r1=1.4&r2=1.5)
On Thu, 2004-10-21 at 02:42, Tom Lane wrote: > Use temp files in current directory, not /tmp, to reduce security risk > while running this script. IMHO this should be backpatched to REL7_4_STABLE. -Neil
On Thu, 2004-10-21 at 12:51, Tom Lane wrote: > This is well out in the get-a-life region of security issues. Oh, absolutely, but if it's worth fixing at all, I think we may as well backpatch it to 7.4 -- for no other reason than the security advisories that are open right now can be closed. -Neil
Neil Conway <neilc@samurai.com> writes:
> On Thu, 2004-10-21 at 02:42, Tom Lane wrote:
>> Use temp files in current directory, not /tmp, to reduce security risk
>> while running this script.
> IMHO this should be backpatched to REL7_4_STABLE.
Who exactly will ever use this script again against 7.4?
This is well out in the get-a-life region of security issues.
regards, tom lane