Comment 9 for bug 9464

Debian Bug Importer (debzilla) wrote :

Message-Id: <1098800599.2414.7.camel@linda>
Date: Tue, 26 Oct 2004 15:23:19 +0100
From: Oliver Elphick <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: Bug#278262: file in tmp hole in make_oidjoins_check

On Tue, 2004-10-26 at 11:40 +0100, Oliver Elphick wrote:
> On Mon, 2004-10-25 at 16:03 -0400, Joey Hess wrote:
> > Package: postgresql
> > Version: 7.3.4-9
> > Severity: normal
> > Tags: security
> >
> > The make_oidjoins_check script, which is only shipped in the source
> > package, creates /tmp files insecurely according to CAN-2004-0977 (and
> > I've verified this).
> >
> > It should be fixed, just in case someone happens to find it in the
> > source package.
>
> Joey, I think you have rather lost your sense of proportion here.
>
> We should next remove the upstream source, in case someone finds it
> there...

But in fact it actually _is_ shipped in postgresql-contrib, not just the
source, so a fix is needed.

--
Oliver Elphick <email address hidden>
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
                 ========================================
     "Whosoever therefore shall be ashamed of me and of my
      words in this adulterous and sinful generation; of him
      also shall the Son of man be ashamed, when he cometh
      in the glory of his Father with the holy angels."
                                 Mark 8:38