Re: Securing "make check" (CVE-2014-0067)

On 03/02/2014 01:27 PM, Tom Lane wrote:

> Also, to what extent does any of this affect buildfarm animals?  Whatever
> we do for "make check" will presumably make those tests safe for them,
> but how are the postmasters they test under "make installcheck" set up?
>

Nothing special.
   "bin/initdb" -U buildfarm --locale=$locale data-$locale   ...   "bin/pg_ctl" -D data-$locale -l logfile -w start


We have wide control over what's done, just let me know what's wanted. 
For example, it would be pretty simple to make it use a non-standard 
socket directory and turn tcp connections off on Unix, or to set up 
password auth for that matter, assuming we already have a strong password.

I generally assume that people aren't running buildfarm animals on 
general purpose multi-user machines, but it might be as well to take 
precautions.

cheers

andrew