Re: Securing "make check" (CVE-2014-0067)

On Fri, Apr 04, 2014 at 02:36:05AM +0000, YAMAMOTO Takashi wrote:
> > Thanks.  To avoid socket path length limitations, I lean toward placing the
> > socket temporary directory under /tmp rather than placing under the CWD:
> > 
> > http://www.postgresql.org/message-id/flat/20121129223632.GA15016@tornado.leadboat.com
> 
> openvswitch has some tricks to overcome the socket path length
> limitation using symlink.  (or procfs where available)
> iirc these were introduced for debian builds which use deep CWD.

That's another reasonable approach.  Does it have a notable advantage over
placing the socket in a subdirectory of /tmp?  Offhand, the security and
compatibility consequences look similar.

-- 
Noah Misch
EnterpriseDB                                 http://www.enterprisedb.com