| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Securing "make check" (CVE-2014-0067) |
| Date: | 2014-03-02 20:12:27 |
| Message-ID: | 531390AB.5020106@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 03/02/2014 01:27 PM, Tom Lane wrote:
> Also, to what extent does any of this affect buildfarm animals? Whatever
> we do for "make check" will presumably make those tests safe for them,
> but how are the postmasters they test under "make installcheck" set up?
>
Nothing special.
"bin/initdb" -U buildfarm --locale=$locale data-$locale
...
"bin/pg_ctl" -D data-$locale -l logfile -w start
We have wide control over what's done, just let me know what's wanted.
For example, it would be pretty simple to make it use a non-standard
socket directory and turn tcp connections off on Unix, or to set up
password auth for that matter, assuming we already have a strong password.
I generally assume that people aren't running buildfarm animals on
general purpose multi-user machines, but it might be as well to take
precautions.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-03-02 20:17:55 | Re: Securing "make check" (CVE-2014-0067) |
| Previous Message | Pavel Stehule | 2014-03-02 19:47:14 | Re: proposal, patch: allow multiple plpgsql plugins |