+
+ Ensure that all temporary files made
+ by
pg_upgrade are non-world-readable
+ (Tom Lane, Noah Misch)
+
+
+
pg_upgrade normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing pg_dumpall -g
+ output would be group- or world-readable, or even writable, if the
+ user's umask setting allows. In typical usage on
+ multi-user machines, the umask and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using
pg_upgrade
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+
+
+
Fix vacuuming of tuples that were updated while key-share locked
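Review bot: The entry title ("non-world-readable") understates what the body describes, since the body says the pg_dumpall -g output could be group- or world-readable "or even writable". Suggest wording the title to match the stated goal in the first body sentence, for example "readable and writable only by the calling user", so a reader skimming titles sees that group access and write access are covered as well.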
+
+ Ensure that all temporary files made
+ by
pg_upgrade are non-world-readable
+ (Tom Lane, Noah Misch)
+
+
+
pg_upgrade normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing pg_dumpall -g
+ output would be group- or world-readable, or even writable, if the
+ user's umask setting allows. In typical usage on
+ multi-user machines, the umask and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using
pg_upgrade
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+
+
+
Fix vacuuming of tuples that were updated while key-share locked
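Review bot: Missing guidance for users who already ran the affected version. The body says the oversight "would permit disclosure of database passwords" but gives no follow-up action and does not name the temporary file or say where it is written. Suggest adding a sentence that identifies the file and tells administrators who ran pg_upgrade with a permissive umask in a shared directory what to check.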
+
+ Ensure that all temporary files made
+ by
pg_upgrade are non-world-readable
+ (Tom Lane, Noah Misch)
+
+
+
pg_upgrade normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing pg_dumpall -g
+ output would be group- or world-readable, or even writable, if the
+ user's umask setting allows. In typical usage on
+ multi-user machines, the umask and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using
pg_upgrade
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+
+
+
Fix vacuuming of tuples that were updated while key-share locked
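Review bot: The exposure condition in the last sentence is vague ("there may be people using pg_upgrade in scenarios where ...", "unfriendly eyes"). The preceding sentence already names the two factors, the umask and the working directory's permissions, so the closing sentence could state the condition directly: the file is exposed when both the umask and the working directory permit access by other users.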
+
+ Ensure that all temporary files made
+ by
pg_upgrade are non-world-readable
+ (Tom Lane, Noah Misch)
+
+
+
pg_upgrade normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing pg_dumpall -g
+ output would be group- or world-readable, or even writable, if the
+ user's umask setting allows. In typical usage on
+ multi-user machines, the umask and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using
pg_upgrade
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+
+
+
Fix vacuuming of tuples that were updated while key-share locked
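Review bot: In "would be group- or world-readable, or even writable, if the user's umask setting allows", it is unclear whether "writable" means group- and world-writable, and the conditional "would be ... allows" reads as if the behavior is still current. Suggest past tense and an explicit subject, for example "was created with permissions controlled by the user's umask, so it could be readable or even writable by group or other users".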