Hi Sergei,

On Mon, Dec 21, 2015 at 08:22:51PM +0100, Sergei Golubchik wrote:
Hi, Sergey!
On Dec 21, Sergey Vojtovich wrote:
On Mon, Dec 21, 2015 at 01:45:27PM +0100, Sergei Golubchik wrote:
besides, what's the plan for moving to unix_socket auth?

Strictly speaking there is no plan. If you're asking for my opinion: I like it. I'd avoid such massive changes to not very well tested scripts in GA versions. 10.2 seems to be a reasonable target version.
I could probably do that over the next week, or some time in February/March.
my point was - if unix_socket comes soon, why bother fixing these issues? and if not, then "will be solved by unix_socket" is not an excuse we can use.

I'm fine if we agree to port unix socket to 10.2 and leave previous versions unfixed.
Okay, let's do that.
Let's just push the chmod fix, it's the only security-relevant issue in your MDEV. But now I'm thinking that your fix isn't bullet-proof either, it makes the window smaller but doesn't eliminate it.

Push it just to 10.1? Just chmod and no chown? I don't mind, but it deviates from original behavior.
A safe version could be something like
sh -c 'umask 0077 && touch /secret/file'
You're right, permission is checked on open and not on subsequent IO. I'll fix it.

Thanks,
Sergey
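The race discussed in this thread, as an added shell example that is not part of the original messages or of the MariaDB scripts: it contrasts create-then-chmod with creation under a restrictive umask, and shows that a descriptor opened before chmod keeps working afterwards. Function names and temporary paths are hypothetical, and the use of noclobber (`set -C`) is an added assumption that goes beyond the one-liner quoted above.

```shell
#!/bin/sh
# Added example; function names and temp paths are hypothetical.

# Race-prone pattern: the file exists with umask-default permissions
# (often 0644) between touch and chmod.
create_then_chmod() {
    touch "$1" && chmod 600 "$1"
}

# Pattern from the thread: restrict the umask in a subshell so the file is
# 0600 from the moment it is created. noclobber (set -C) is an added
# assumption: umask does not change the mode of a file that already exists,
# so the redirect is made to fail if the path is already present.
create_private() (
    umask 0077
    set -C
    : > "$1"
)

# Print the permission string of a file, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Access is checked at open(): a descriptor opened while the file was
# readable still reads it after the mode is tightened.
read_via_old_fd() {
    f=$1
    printf 'secret\n' > "$f"
    exec 3< "$f"            # opened while permissions still allow it
    chmod 000 "$f"          # tightening now does not affect fd 3
    IFS= read -r line <&3
    exec 3<&-
    printf '%s\n' "$line"
}

# Constructed demo in a throwaway directory.
demo_dir=$(mktemp -d)
create_private "$demo_dir/secret"
echo "created with mode: $(mode_of "$demo_dir/secret")"
echo "old descriptor still reads: $(read_via_old_fd "$demo_dir/leak")"
rm -rf "$demo_dir"
```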