Oliver Elphick wrote:
> On Mon, 2004-10-25 at 16:03 -0400, Joey Hess wrote:
> > Package: postgresql
> > Version: 7.3.4-9
> > Severity: normal
> > Tags: security
> >
> > The make_oidjoins_check script, which is only shipped in the source
> > package, creates /tmp files insecurely according to CAN-2004-0977 (and
> > I've verified this).
> >
> > It should be fixed, just in case someone happens to find it in the
> > source package.
>
> Joey, I think you have rather lost your sense of proportion here.
Not really; other Linux distributions have shipped this script in binary
packages, it's obviously not too unlikely that someone would find it and
use it.
-- 
see shy jo
Date: Tue, 26 Oct 2004 12:20:50 -0400
From: Joey Hess <email address hidden>
To: Oliver Elphick <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#278262: file in tmp hole in make_oidjoins_check