Re: Securing "make check" (CVE-2014-0067)
| От | Magnus Hagander |
|---|---|
| Тема | Re: Securing "make check" (CVE-2014-0067) |
| Дата | |
| Msg-id | CABUevEyqAiwK3t2DrwWSrMv-9mvdgG3+Wwg7xOUqyYU0oNvy+w@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Securing "make check" (CVE-2014-0067) (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: Securing "make check" (CVE-2014-0067)
|
| Список | pgsql-hackers |
On Sun, Mar 2, 2014 at 7:27 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Noah Misch <noah@leadboat.com> writes:+1 for that solution, if it's not an unreasonable amount of work to add
> One option that would simplify things is to fix only non-Windows in the back
> branches, via socket protection, and fix Windows in HEAD only. We could even
> do so by extending HAVE_UNIX_SOCKETS support to Windows through named pipes.
named-pipe sockets in Windows. That would offer a feature to Windows
users that they didn't have before, ie the ability to restrict connections
based on filesystem permissions; so it seems useful quite aside from any
"make check" considerations.
I think it might be a bigger piece of work than we'd like - and IIRC that's one of the reasons we didn't do it from the start. Named pipes on windows do act as files on Windows, but they do *not* act as sockets. As in, they return HANDLEs, not SOCKETs, and you can't recv() and send() on them.
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
В списке pgsql-hackers по дате отправления: