diff options
author | Tom Lane | 2018-02-05 19:43:41 +0000 |
---|---|---|
committer | Tom Lane | 2018-02-05 19:44:10 +0000 |
commit | 01b2db1cd6673a94cc5249aa25b34e7d98535c11 (patch) | |
tree | 44d901da30d10578abb3b07a6c106d46543ee026 | |
parent | 790808b37736798c4da776bd91d8440d0e856e11 (diff) |
Last-minute updates for release notes.
Security: CVE-2018-1052, CVE-2018-1053
-rw-r--r-- | doc/src/sgml/release-9.3.sgml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml index 8be44e33f61..6d339db8d33 100644 --- a/doc/src/sgml/release-9.3.sgml +++ b/doc/src/sgml/release-9.3.sgml @@ -35,6 +35,28 @@ <listitem> <para> + Ensure that all temporary files made + by <application>pg_upgrade</application> are non-world-readable + (Tom Lane, Noah Misch) + </para> + + <para> + <application>pg_upgrade</application> normally restricts its + temporary files to be readable and writable only by the calling user. + But the temporary file containing <literal>pg_dumpall -g</literal> + output would be group- or world-readable, or even writable, if the + user's <literal>umask</literal> setting allows. In typical usage on + multi-user machines, the <literal>umask</literal> and/or the working + directory's permissions would be tight enough to prevent problems; + but there may be people using <application>pg_upgrade</application> + in scenarios where this oversight would permit disclosure of database + passwords to unfriendly eyes. + (CVE-2018-1053) + </para> + </listitem> + + <listitem> + <para> Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera) </para> |