Hi Sergei,

On Mon, Dec 21, 2015 at 08:22:51PM +0100, Sergei Golubchik wrote:
> Hi, Sergey!
>
> On Dec 21, Sergey Vojtovich wrote:
> > On Mon, Dec 21, 2015 at 01:45:27PM +0100, Sergei Golubchik wrote:
> >
> > > > > besides, what's the plan for moving to unix_socket auth?
> > > > Strictly speaking there is no plan. If you're asking for my opinion: I
> > > > like it.
> > > > I'd avoid such massive changes to not very well tested scripts in GA
> > > > versions.
> > > > 10.2 seems to be a reasonable target version.
> > > >
> > > > I could probably do that over the next week, or some time in
> > > > February/March.
> > >
> > > my point was - if unix_socket comes soon, why bother fixing these
> > > issues? and if not, then "will be solved by unix_socket" is not an
> > > excuse we can use.
> > I'm fine if we agree to port unix socket to 10.2 and leave previous versions
> > unfixed.
>
> Okay, let's do that.
>
> Let's just push the chmod fix, it's the only security-relevant issue in
> your MDEV. But now I'm thinking that your fix isn't bullet-proof either,
> it makes the window smaller but doesn't eliminate it.
Push it just to 10.1? Just chmod and no chown? I don't mind, but it deviates
from original behavior.

>
> A safe version could be something like
>
>    sh -c 'umask 0077 && touch /secret/file'
You're right, permission is checked on open and not on subsequent IO.
I'll fix it.

Thanks,
Sergey
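
Added example, not part of the thread or of the MariaDB scripts: a shell sketch of the point made above, showing the mode a file has between creation and chmod, the mode when it is created under umask 0077, and that a descriptor opened before the chmod still reads afterwards. The function names, the temporary paths and the 0022 starting umask are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demonstration; all files live in a throwaway mktemp directory.

# Octal mode of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create-then-chmod pattern. Prints the mode the file had *between* the two
# steps, which is what other local users could act on during the window.
create_then_chmod() {
    ( umask 0022; : > "$1" )    # 0022 is an assumed, commonly seen umask
    file_mode "$1"              # mode during the window
    chmod 600 "$1"
}

# Variant quoted in the thread: set a restrictive umask in a subshell so the
# file is never wider than 0600 and the caller's umask stays unchanged.
create_with_umask() {
    ( umask 0077 && : > "$1" )
    file_mode "$1"
}

# Access is checked at open(), so a descriptor obtained during the window
# keeps working after the mode is tightened.
read_via_early_fd() {
    ( umask 0022; printf 'secret\n' > "$1" )
    exec 3< "$1"                # reader opens while the file is still 0644
    chmod 000 "$1"              # mode tightened afterwards
    IFS= read -r line <&3       # read still succeeds through fd 3
    exec 3<&-
    printf '%s\n' "$line"
}

demo() {
    d=$(mktemp -d) || return 1
    echo "create+chmod, mode in window: $(create_then_chmod "$d/a")"
    echo "umask 0077, mode at creation: $(create_with_umask "$d/b")"
    echo "read after chmod 000:         $(read_via_early_fd "$d/c")"
    rm -rf "$d"
}

demo
```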

