Re: About pg_upgrade

> > Still not sure about those temp files.  People like to see a possible
> > exploit in every temp file.
> 
> Well, yes, if you get the pid, you can create symlink files in /tmp and
> overwrite things.  How do I handle this properly, probably a directory
> in /tmp that I create but I have to set my umask first -- is that a
> plan?

Forget what I said, you don't need to change the umask, just do:
trap "rm -rf /tmp/$$" 0 1 2 3 15mkdir /tmp/$$ || exit 1

and you call all your temp files /tmp/$$/XXX, right?  Once you create
the directory, you own it and no one else can write into there.

I just did a Google search and no one came up with this idea, though I
believe X11 uses /tmp directories for this exact reason, right?

I finally found one mention of it:  Seems Suse uses it, but they did
'mkdir -p' which doesn't return an error if it fails so it was a
security problem itself:

http://groups.google.com/groups?q=tmp+security+race+directory+script+mkdir&hl=en&selm=bugtraq/Pine.LNX.4.30.0101170202040.15609-100000%40dent.suse.de&rnum=1

I just looked in /usr/bin on BSD/OS and found a whole bunch that do the
insecure /tmp/$$ trick I currently do in pg_upgrade:#$ file `grep -l '\$\$' *` | grep shell cvsbug:       Bourne shell
scripttextigawk:        Bourne shell script textlorder:       Bourne shell script textmkdep:        Bourne shell script
textpppattach:   Korn shell script textrcsfreeze:    Bourne shell script textsendbug:      Bourne shell script
textuupick:      Bourne shell script text
 

For example, cvsbug does:[ -z "$TMPDIR" ] && TMPDIR=/tmpTEMP=$TMPDIR/p$$BAD=$TMPDIR/pbad$$REF=$TMPDIR/pf$$

Bet everyone has that one on their system.  :-)

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026