| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Securing "make check" (CVE-2014-0067) |
| Date: | 2014-03-02 22:36:41 |
| Message-ID: | CABUevEyqAiwK3t2DrwWSrMv-9mvdgG3+Wwg7xOUqyYU0oNvy+w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Mar 2, 2014 at 7:27 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Noah Misch <noah(at)leadboat(dot)com> writes:
> > One option that would simplify things is to fix only non-Windows in the
> back
> > branches, via socket protection, and fix Windows in HEAD only. We could
> even
> > do so by extending HAVE_UNIX_SOCKETS support to Windows through named
> pipes.
>
> +1 for that solution, if it's not an unreasonable amount of work to add
> named-pipe sockets in Windows. That would offer a feature to Windows
> users that they didn't have before, ie the ability to restrict connections
> based on filesystem permissions; so it seems useful quite aside from any
> "make check" considerations.
>
I think it might be a bigger piece of work than we'd like - and IIRC that's
one of the reasons we didn't do it from the start. Named pipes on windows
do act as files on Windows, but they do *not* act as sockets. As in, they
return HANDLEs, not SOCKETs, and you can't recv() and send() on them.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2014-03-02 22:38:38 | Re: Securing "make check" (CVE-2014-0067) |
| Previous Message | Stephen Frost | 2014-03-02 22:35:20 | Re: Securing "make check" (CVE-2014-0067) |