Re: [HACKERS] Possible make_oidjoins_check Security Issue
From | Tom Lane |
---|---|
Subject | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
Date | |
Msg-id | 17913.1099522533@sss.pgh.pa.us |
In reply to | Re: [HACKERS] Possible make_oidjoins_check Security Issue (Bruce Momjian <pgman@candle.pha.pa.us>) |
Responses | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
List | pgsql-patches |
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> From a public relations perspective and a code reuse perspective I think
> we should create temporary tables securely. The attached applied patch
> fixes contrib/findoidjoins/make_oidjoins_check.

... and creates issues of its own, such as attempting an rm -rf on something that it shouldn't. At the very least don't install the trap until after creating the directory successfully.

I really think this is a waste of time though. The current code creates the temp files in the current directory, and if the bad guy has write access on that directory you are already screwed (for instance, what's to stop him from altering the script file itself to do anything at all when you run it?). I do not think that putting stuff back into /tmp is an improvement; that just adds risks where none exist now.

regards, tom lane
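The trap-ordering point raised in the message above, as an added example that is not part of the original post and is not the patch under discussion (the patch is not shown on this page). The function names, the `work` directory name and the scratch area are hypothetical, and all removal happens inside a directory the demo creates for itself.

```shell
#!/bin/sh
# Added illustration. Names are hypothetical; the scenario is constructed.

# Trap installed BEFORE mkdir: if mkdir fails because the path already
# exists, the EXIT trap still removes a directory this script never created.
trap_before_mkdir() {
    (
        dir=$1
        trap 'rm -rf "$dir"' EXIT
        mkdir "$dir" 2>/dev/null || exit 1
        : > "$dir/scratch"      # stand-in for the real temp files
    )
}

# Trap installed only AFTER mkdir succeeded: on failure nothing is removed,
# on success the script cleans up exactly what it created.
trap_after_mkdir() {
    (
        dir=$1
        mkdir "$dir" 2>/dev/null || exit 1
        trap 'rm -rf "$dir"' EXIT
        : > "$dir/scratch"
    )
}

# Constructed scenario: "$base/work" already exists and holds a file that
# does not belong to the script.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/work" && echo keep > "$base/work/precious"

    trap_after_mkdir "$base/work" || :
    [ -f "$base/work/precious" ] && echo "trap after mkdir:  existing data intact"

    trap_before_mkdir "$base/work" || :
    [ -e "$base/work" ] || echo "trap before mkdir: existing directory removed"

    rm -rf "$base"
}

demo
```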