Comment 8 for bug 9464

Message-Id: <1098787254.10951.87.camel@linda>
Date: Tue, 26 Oct 2004 11:40:54 +0100
From: Oliver Elphick <email address hidden>
To: Joey Hess <email address hidden>, <email address hidden>
Subject: Re: Bug#278262: file in tmp hole in make_oidjoins_check

On Mon, 2004-10-25 at 16:03 -0400, Joey Hess wrote:
> Package: postgresql
> Version: 7.3.4-9
> Severity: normal
> Tags: security
>
> The make_oidjoins_check script, which is only shipped in the source
> package, creates /tmp files insecurely according to CAN-2004-0977 (and
> I've verified this).
>
> It should be fixed, just in case someone happens to find it in the
> source package.

Joey, I think you have rather lost your sense of proportion here.

We should next remove the upstream source, in case someone finds it
there...

--
Oliver Elphick <email address hidden>
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
                 ========================================
     "Whosoever therefore shall be ashamed of me and of my
      words in this adulterous and sinful generation; of him
      also shall the Son of man be ashamed, when he cometh
      in the glory of his Father with the holy angels."
                                 Mark 8:38