Comment 19 for bug 9464

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 26 Oct 2004 12:20:50 -0400
From: Joey Hess <email address hidden>
To: Oliver Elphick <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#278262: file in tmp hole in make_oidjoins_check

Oliver Elphick wrote:
> On Mon, 2004-10-25 at 16:03 -0400, Joey Hess wrote:
> > Package: postgresql
> > Version: 7.3.4-9
> > Severity: normal
> > Tags: security
> >
> > The make_oidjoins_check script, which is only shipped in the source
> > package, creates /tmp files insecurely according to CAN-2004-0977 (and
> > I've verified this).
> >
> > It should be fixed, just in case someone happens to find it in the
> > source package.
>
> Joey, I think you have rather lost your sense of proportion here.

Not really; other Linux distributions have shipped this script in binary
packages, it's obviously not too unlikely that someone would find it and
use it.

-- 
see shy jo
