From: | yamt(at)netbsd(dot)org (YAMAMOTO Takashi) |
---|---|
To: | noah(at)leadboat(dot)com |
Cc: | bruce(at)momjian(dot)us, tgl(at)sss(dot)pgh(dot)pa(dot)us, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Securing "make check" (CVE-2014-0067) |
Date: | 2014-04-04 11:11:56 |
Message-ID: | 20140404111156.F10C014A32C@mail.netbsd.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On Fri, Apr 04, 2014 at 02:36:05AM +0000, YAMAMOTO Takashi wrote:
>> > Thanks. To avoid socket path length limitations, I lean toward placing the
>> > socket temporary directory under /tmp rather than placing under the CWD:
>> >
>> > http://www.postgresql.org/message-id/flat/20121129223632(dot)GA15016(at)tornado(dot)leadboat(dot)com
>>
>> openvswitch has some tricks to overcome the socket path length
>> limitation using symlink. (or procfs where available)
>> iirc these were introduced for debian builds which use deep CWD.
>
> That's another reasonable approach. Does it have a notable advantage over
> placing the socket in a subdirectory of /tmp? Offhand, the security and
> compatibility consequences look similar.
an advantage is that the socket can be placed under CWD
and thus automatically obeys its directory permissions etc.
YAMAMOTO Takashi
>
> --
> Noah Misch
> EnterpriseDB http://www.enterprisedb.com
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2014-04-04 11:13:45 | Re: [PATCH] Negative Transition Aggregate Functions (WIP) |
Previous Message | Florian Pflug | 2014-04-04 10:56:55 | Re: [PATCH] Negative Transition Aggregate Functions (WIP) |