diff options
| author | Noah Misch <noah@leadboat.com> | 2014-03-29 00:52:56 -0400 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2014-03-29 00:52:56 -0400 |
| commit | 31c6e54ec9abab0c63d709e492ef18a701b02641 (patch) | |
| tree | 6e6faf3d685de0632539333d418b0d6b528d4c76 /src/backend/access/gin/ginarrayproc.c | |
| parent | fbd32b0cab806a2244bd5171e4b60e53f4a9dfe7 (diff) | |
| download | postgresql-31c6e54ec9abab0c63d709e492ef18a701b02641.tar.gz postgresql-31c6e54ec9abab0c63d709e492ef18a701b02641.zip | |
Secure Unix-domain sockets of "make check" temporary clusters.
Any OS user able to access the socket can connect as the bootstrap
superuser and in turn execute arbitrary code as the OS user running the
test. Protect against that by placing the socket in the temporary data
directory, which has mode 0700 thanks to initdb. Back-patch to 8.4 (all
supported versions). The hazard remains wherever the temporary cluster
accepts TCP connections, notably on Windows.
Attempts to run "make check" from a directory with a long name will now
fail. An alternative not sharing that problem was to place the socket
in a subdirectory of /tmp, but that is only secure if /tmp is sticky.
The PG_REGRESS_SOCK_DIR environment variable is available as a
workaround when testing from long directory paths.
As a convenient side effect, this lets testing proceed smoothly in
builds that override DEFAULT_PGSOCKET_DIR. Popular non-default values
like /var/run/postgresql are often unwritable to the build user.
Security: CVE-2014-0067
Diffstat (limited to 'src/backend/access/gin/ginarrayproc.c')
0 files changed, 0 insertions, 0 deletions