Re: Securing "make check" (CVE-2014-0067)
| От | yamt@netbsd.org (YAMAMOTO Takashi) |
|---|---|
| Тема | Re: Securing "make check" (CVE-2014-0067) |
| Дата | |
| Msg-id | 20140404111156.F10C014A32C@mail.netbsd.org обсуждение исходный текст |
| Ответ на | Re: Securing "make check" (CVE-2014-0067) (Noah Misch <noah@leadboat.com>) |
| Ответы |
Re: Securing "make check" (CVE-2014-0067)
|
| Список | pgsql-hackers |
> On Fri, Apr 04, 2014 at 02:36:05AM +0000, YAMAMOTO Takashi wrote: >> > Thanks. To avoid socket path length limitations, I lean toward placing the >> > socket temporary directory under /tmp rather than placing under the CWD: >> > >> > http://www.postgresql.org/message-id/flat/20121129223632.GA15016@tornado.leadboat.com >> >> openvswitch has some tricks to overcome the socket path length >> limitation using symlink. (or procfs where available) >> iirc these were introduced for debian builds which use deep CWD. > > That's another reasonable approach. Does it have a notable advantage over > placing the socket in a subdirectory of /tmp? Offhand, the security and > compatibility consequences look similar. an advantage is that the socket can be placed under CWD and thus automatically obeys its directory permissions etc. YAMAMOTO Takashi > > -- > Noah Misch > EnterpriseDB http://www.enterprisedb.com > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers
В списке pgsql-hackers по дате отправления: