pgsql: Use temp files in current directory, not /tmp, to reduce security

Started by Tom Laneover 21 years ago4 messagescomitters

tgl@sss.pgh.pa.us

over 21 years ago

Log Message:
-----------
Use temp files in current directory, not /tmp, to reduce security risk
while running this script.

Modified Files:
--------------
pgsql/contrib/findoidjoins:
make_oidjoins_check (r1.4 -> r1.5)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/findoidjoins/make_oidjoins_check.diff?r1=1.4&r2=1.5)

Neil Conway

neilc@samurai.com

over 21 years ago

In reply to: Tom Lane (#1)

Re: pgsql: Use temp files in current directory, not

On Thu, 2004-10-21 at 02:42, Tom Lane wrote:

Use temp files in current directory, not /tmp, to reduce security risk
while running this script.

IMHO this should be backpatched to REL7_4_STABLE.

-Neil

Tom Lane

tgl@sss.pgh.pa.us

over 21 years ago

In reply to: Neil Conway (#2)

Re: pgsql: Use temp files in current directory, not /tmp, to reduce security

Neil Conway <neilc@samurai.com> writes:

On Thu, 2004-10-21 at 02:42, Tom Lane wrote:

Use temp files in current directory, not /tmp, to reduce security risk
while running this script.

IMHO this should be backpatched to REL7_4_STABLE.

Who exactly will ever use this script again against 7.4?

This is well out in the get-a-life region of security issues.

regards, tom lane

Neil Conway

neilc@samurai.com

over 21 years ago

In reply to: Tom Lane (#3)

Re: pgsql: Use temp files in current directory, not

On Thu, 2004-10-21 at 12:51, Tom Lane wrote:

This is well out in the get-a-life region of security issues.

Oh, absolutely, but if it's worth fixing at all, I think we may as well
backpatch it to 7.4 -- for no other reason than the security advisories
that are open right now can be closed.

-Neil