1. 04 Jul, 2019 1 commit
  2. 26 Jun, 2019 1 commit
  3. 15 Apr, 2019 1 commit
  4. 27 Feb, 2019 1 commit
  5. 25 Feb, 2019 3 commits
  6. 10 Oct, 2018 1 commit
  7. 08 Nov, 2017 1 commit
    • Christoph Berg's avatar
      Replace chown by lchown where applicable · 8b4d0a88
      Christoph Berg authored
      PostgreSQL's upstream init scripts have been found vulnerable to symlink
      attacks on the server log file (CVE-2017-12172). We don't use the
      upstream scripts, but inspection of pg_ctlcluster has shown that it is
      vulnerable to exactly the same problem. We fixed this problem
      previously via c8989206 (CVE-2016-1255), but the fix merely made
      the attack window smaller.
      
      We now use lchown instead of chown so a symlink put into place while
      pg_ctlcluster is running cannot be used to chown files elsewhere on the
      filesystem.
      
      In passing, apply the same fix to pg_createcluster and pg_upgradecluster
      as well.
      8b4d0a88
  8. 07 Oct, 2017 1 commit
  9. 13 Aug, 2017 1 commit
  10. 14 Jun, 2017 2 commits
  11. 21 May, 2017 1 commit
  12. 19 May, 2017 1 commit
  13. 03 May, 2017 1 commit
  14. 16 Apr, 2017 1 commit
  15. 23 Jan, 2017 2 commits
  16. 20 Dec, 2016 1 commit
  17. 24 Nov, 2016 1 commit
  18. 25 Aug, 2016 1 commit
  19. 20 Dec, 2015 1 commit
  20. 17 Dec, 2015 1 commit
  21. 06 Dec, 2015 1 commit
  22. 08 Oct, 2015 1 commit
  23. 07 Oct, 2015 2 commits
  24. 21 Sep, 2015 2 commits
  25. 16 Sep, 2014 1 commit
  26. 05 Sep, 2014 1 commit
  27. 03 Sep, 2014 1 commit
  28. 21 Jul, 2014 1 commit
  29. 18 Jul, 2014 1 commit
  30. 11 Jul, 2014 2 commits
  31. 02 Jul, 2014 1 commit
  32. 26 Jun, 2014 1 commit
  33. 20 May, 2014 1 commit