Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Bruce Momjian wrote: Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I believe the proper way to handle this is a new directory under /tmp. It's definitely not worth the trouble. I looked at what configure does to make /tmp subdirectories portably, and it is spectacularly ugly (not to mention long). If make_oidjoins_check were a user-facing tool that would be one thing, but it isn't ... From a public relations perspective and a code reuse perspective I think we should create temporary tables securely. The attached applied patch ^^ files fixes contrib/findoidjoins/make_oidjoins_check. Sorry, meant temporary files. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 2: you can get off all lists at once with the unregister command (send unregister YourEmailAddressHere to [EMAIL PROTECTED])
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Bruce Momjian [EMAIL PROTECTED] writes: From a public relations perspective and a code reuse perspective I think we should create temporary tables securely. The attached applied patch fixes contrib/findoidjoins/make_oidjoins_check. ... and creates issues of its own, such as attempting an rm -rf on something that it shouldn't. At the very least don't install the trap until after creating the directory successfully. I really think this is a waste of time though. The current code creates the temp files in the current directory, and if the bad guy has write access on that directory you are already screwed (for instance, what's to stop him from altering the script file itself to do anything at all when you run it?). I do not think that putting stuff back into /tmp is an improvement; that just adds risks where none exist now. regards, tom lane ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
I believe the proper way to handle this is a new directory under /tmp.
It's definitely not worth the trouble. I looked at what configure does
to make /tmp subdirectories portably, and it is spectacularly ugly
(not to mention long). If make_oidjoins_check were a user-facing tool
that would be one thing, but it isn't ...
From a public relations perspective and a code reuse perspective I think
we should create temporary tables securely. The attached applied patch
fixes contrib/findoidjoins/make_oidjoins_check.
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
Index: contrib/findoidjoins/make_oidjoins_check
===
RCS file: /cvsroot/pgsql/contrib/findoidjoins/make_oidjoins_check,v
retrieving revision 1.5
diff -c -c -r1.5 make_oidjoins_check
*** contrib/findoidjoins/make_oidjoins_check20 Oct 2004 16:42:46 - 1.5
--- contrib/findoidjoins/make_oidjoins_check3 Nov 2004 22:42:06 -
***
*** 10,21
# Caution: you may need to use GNU awk.
AWK=${AWK:-awk}
! INPUTFILE=tmp$$a
! DUPSFILE=tmp$$b
! NONDUPSFILE=tmp$$c
! rm -f $INPUTFILE $DUPSFILE $NONDUPSFILE
! trap rm -f $INPUTFILE $DUPSFILE $NONDUPSFILE 0 1 2 3 15
# Read input
cat $@ $INPUTFILE
--- 10,32
# Caution: you may need to use GNU awk.
AWK=${AWK:-awk}
! TMP=/tmp/$$
! trap rm -rf $TMP 0 1 2 3 15
! # Create a temporary directory with the proper permissions so no one can
! # intercept our temporary files and cause a security breach.
! OMASK=`umask`
! umask 077
! if ! mkdir $TMP
! then echo Can't create temporary directory $TMP. 12
! exit 1
! fi
! umask $OMASK
! unset OMASK
!
! INPUTFILE=$TMP/a
! DUPSFILE=$TMP/b
! NONDUPSFILE=$TMP/c
# Read input
cat $@ $INPUTFILE
---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faqs/FAQ.html
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: From a public relations perspective and a code reuse perspective I think we should create temporary tables securely. The attached applied patch fixes contrib/findoidjoins/make_oidjoins_check. ... and creates issues of its own, such as attempting an rm -rf on something that it shouldn't. At the very least don't install the trap until after creating the directory successfully. OK, moved. I really think this is a waste of time though. The current code creates the temp files in the current directory, and if the bad guy has write access on that directory you are already screwed (for instance, what's to stop him from altering the script file itself to do anything at all when you run it?). I do not think that putting stuff back into /tmp is an improvement; that just adds risks where none exist now. My method is secure, and I think we do have to handle this in a way that addresses the security concerns. It is easy to say no one would run this under normal use but that isn't really a safe answer for the security folks, I think. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
On Thu, 2004-11-04 at 10:07, Bruce Momjian wrote: My method is secure, and I think we do have to handle this in a way that addresses the security concerns. I think Tom's fix adequately addresses the security concerns. Exactly what is wrong with writing to the current working directory? It is easy to say no one would run this under normal use but that isn't really a safe answer for the security folks, I think. This is a non-sequitor -- I don't think Tom or anyone else has argued this. -Neil ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I think Tom's fix adequately addresses the security concerns. Exactly what is wrong with writing to the current working directory? Because it could be run from a directory where others have write permission. In which case, they could also change the findoidjoins script itself. I think your fix is *less* secure than what you replaced. However, I've already wasted more than enough time on this issue... I'm done arguing about it. As far as I know, my method is the only secure method. If I am wrong I would like to know. -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
On Wed, 3 Nov 2004, Bruce Momjian wrote:
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
I think Tom's fix adequately addresses the security concerns. Exactly
what is wrong with writing to the current working directory?
Because it could be run from a directory where others have write
permission.
In which case, they could also change the findoidjoins script itself.
I think your fix is *less* secure than what you replaced.
However, I've already wasted more than enough time on this issue...
I'm done arguing about it.
As far as I know, my method is the only secure method. If I am wrong I
would like to know.
I think the problem can really be solved by just removing it from the
distribution. However, one thing I noticed with Bruce's script is that it
does not respect $TMPDIR -- which security conscious admins may be
setting. Solution would be to set TMP=${TMPDIR:-/tmp} before defining the
path to the temporary sub directory.
Thanks,
Gavin
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Gavin Sherry [EMAIL PROTECTED] writes: I think the problem can really be solved by just removing it from the distribution. Just FYI, I've already done that in Red Hat's RPMs (not sure if Devrim followed suit). I can't think of a good reason for make install to install that script, either. regards, tom lane ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Gavin Sherry wrote:
On Wed, 3 Nov 2004, Bruce Momjian wrote:
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
I think Tom's fix adequately addresses the security concerns. Exactly
what is wrong with writing to the current working directory?
Because it could be run from a directory where others have write
permission.
In which case, they could also change the findoidjoins script itself.
I think your fix is *less* secure than what you replaced.
However, I've already wasted more than enough time on this issue...
I'm done arguing about it.
As far as I know, my method is the only secure method. If I am wrong I
would like to know.
I think the problem can really be solved by just removing it from the
distribution. However, one thing I noticed with Bruce's script is that it
does not respect $TMPDIR -- which security conscious admins may be
setting. Solution would be to set TMP=${TMPDIR:-/tmp} before defining the
path to the temporary sub directory.
OK, TMPDIR honored. Thanks.
I am fine with removing it but if we don't I would like to have it
secure, mostly from a public relations perspective.
--
Bruce Momjian| http://candle.pha.pa.us
[EMAIL PROTECTED] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup.| Newtown Square, Pennsylvania 19073
---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send unregister YourEmailAddressHere to [EMAIL PROTECTED])
[PATCHES] Translation updates for 8.0: libpq-ru, pg_ctl-ru, pg_dump-ru
Hello Peter, Please intall the attached updates for 8.0. All fuzzy messages should be fixed in these. Thanks, -s libpq-ru.po.gz Description: GNU Zip compressed data pg_ctl-ru.po.gz Description: GNU Zip compressed data pg_dump-ru.po.gz Description: GNU Zip compressed data ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
[PATCHES] fix typos in pt_br FAQ
Hi, Attached is a patch that correct two typos in pt_BR FAQ. Please apply. = Euler Taveira de Oliveira euler[at]yahoo_com_br __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com faq_pt_br.diff Description: faq_pt_br.diff ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
Neil Conway [EMAIL PROTECTED] writes: Attached is a patch that removes the make_oidjoins_check script from make install. Barring any objections, I'll apply it to HEAD later today. If we are going in that direction, all the files installed by this subdirectory should be suppressed (ie, findoidjoins and README.findoidjoins too). regards, tom lane ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue
On Thu, 2004-11-04 at 13:05, Bruce Momjian wrote: I am fine with removing it but if we don't I would like to have it secure, mostly from a public relations perspective. A change which introduced two regressions and fails to materially improve the security of the script is a curious definition of secure if you ask me... Attached is a patch that removes the make_oidjoins_check script from make install. Barring any objections, I'll apply it to HEAD later today. -Neil --- contrib/findoidjoins/Makefile +++ contrib/findoidjoins/Makefile @@ -6,7 +6,6 @@ PG_CPPFLAGS = -I$(libpq_srcdir) PG_LIBS = $(libpq) -SCRIPTS = make_oidjoins_check DOCS = README.findoidjoins ifdef USE_PGXS ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
Re: [PATCHES] contrib build fixes
On Wed, 2004-11-03 at 14:45, Neil Conway wrote: Attached is a patch that makes some improvements to the contrib/ build. Applied. -Neil ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
