Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Bruce Momjian
Bruce Momjian wrote: Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I believe the proper way to handle this is a new directory under /tmp. It's definitely not worth the trouble. I looked at what configure does to make /tmp subdirectories portably, and it is spectacularly

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes: From a public relations perspective and a code reuse perspective I think we should create temporary tables securely. The attached applied patch fixes contrib/findoidjoins/make_oidjoins_check. ... and creates issues of its own, such as attempting an rm

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Bruce Momjian
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I believe the proper way to handle this is a new directory under /tmp. It's definitely not worth the trouble. I looked at what configure does to make /tmp subdirectories portably, and it is spectacularly ugly (not to mention long).

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Bruce Momjian
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: From a public relations perspective and a code reuse perspective I think we should create temporary tables securely. The attached applied patch fixes contrib/findoidjoins/make_oidjoins_check. ... and creates issues of its own, such

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Neil Conway
On Thu, 2004-11-04 at 10:07, Bruce Momjian wrote: My method is secure, and I think we do have to handle this in a way that addresses the security concerns. I think Tom's fix adequately addresses the security concerns. Exactly what is wrong with writing to the current working directory? It is

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Bruce Momjian
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I think Tom's fix adequately addresses the security concerns. Exactly what is wrong with writing to the current working directory? Because it could be run from a directory where others have write permission. In which case, they

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Gavin Sherry
On Wed, 3 Nov 2004, Bruce Momjian wrote: Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I think Tom's fix adequately addresses the security concerns. Exactly what is wrong with writing to the current working directory? Because it could be run from a directory where others

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Tom Lane
Gavin Sherry [EMAIL PROTECTED] writes: I think the problem can really be solved by just removing it from the distribution. Just FYI, I've already done that in Red Hat's RPMs (not sure if Devrim followed suit). I can't think of a good reason for make install to install that script, either.

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Bruce Momjian
Gavin Sherry wrote: On Wed, 3 Nov 2004, Bruce Momjian wrote: Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: I think Tom's fix adequately addresses the security concerns. Exactly what is wrong with writing to the current working directory? Because it could be run

[PATCHES] Translation updates for 8.0: libpq-ru, pg_ctl-ru, pg_dump-ru

2004-11-03 Thread Serguei Mokhov
Hello Peter, Please intall the attached updates for 8.0. All fuzzy messages should be fixed in these. Thanks, -s libpq-ru.po.gz Description: GNU Zip compressed data pg_ctl-ru.po.gz Description: GNU Zip compressed data pg_dump-ru.po.gz Description: GNU Zip compressed data

[PATCHES] fix typos in pt_br FAQ

2004-11-03 Thread Euler Taveira de Oliveira
Hi, Attached is a patch that correct two typos in pt_BR FAQ. Please apply. = Euler Taveira de Oliveira euler[at]yahoo_com_br __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Tom Lane
Neil Conway [EMAIL PROTECTED] writes: Attached is a patch that removes the make_oidjoins_check script from make install. Barring any objections, I'll apply it to HEAD later today. If we are going in that direction, all the files installed by this subdirectory should be suppressed (ie,

Re: [PATCHES] [HACKERS] Possible make_oidjoins_check Security Issue

2004-11-03 Thread Neil Conway
On Thu, 2004-11-04 at 13:05, Bruce Momjian wrote: I am fine with removing it but if we don't I would like to have it secure, mostly from a public relations perspective. A change which introduced two regressions and fails to materially improve the security of the script is a curious definition

Re: [PATCHES] contrib build fixes

2004-11-03 Thread Neil Conway
On Wed, 2004-11-03 at 14:45, Neil Conway wrote: Attached is a patch that makes some improvements to the contrib/ build. Applied. -Neil ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]