Re: [HACKERS] Possible make_oidjoins_check Security Issue
From | Bruce Momjian |
---|---|
Subject | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
Date | |
Msg-id | 200411032342.iA3NgPi14138@candle.pha.pa.us |
In reply to | Re: [HACKERS] Possible make_oidjoins_check Security Issue (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: [HACKERS] Possible make_oidjoins_check Security Issue |
List | pgsql-patches |

Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> I think Tom's fix adequately addresses the security concerns. Exactly
> >> what is wrong with writing to the current working directory?
>
> > Because it could be run from a directory where others have write
> > permission.
>
> In which case, they could also change the findoidjoins script itself.
> I think your fix is *less* secure than what you replaced.
>
> However, I've already wasted more than enough time on this issue...
> I'm done arguing about it.

As far as I know, my method is the only secure method. If I am wrong I
would like to know.

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073