On 01/19/2015 07:38 AM, Michael Paquier wrote:
> Looking at the set of TAP tests, I think that those lines open again
> the door of CVE-2014-0067 (vulnerability with make check) on Windows:
> # Initialize master, data checksums are mandatory
> remove_tree($test_master_datadir);
> system_or_bail("initdb -N -A trust -D $test_master_datadir
>>> $log_path");
> IMO we should use standard_initdb in TestLib.pm instead as pg_regress
> --config-auth would be used for SSPI. standard_initdb should be
> extended a bit as well to be able to pass a path to logs with
> /dev/null as default. TAP tests do not run on Windows, still I think
> that it would be better to cover any eventuality in this area before
> we forget. Already mentioned by Peter, but I think as well that the
> new additions to TAP should be a separate patch.
Agreed, fixed to use standard_initdb. .
> Random thought (not related to this patch), have a new option in
> initdb doing this legwork:
> + # Accept replication connections on master
> + append_to_file("$test_master_datadir/pg_hba.conf", qq(
> +local replication all trust
> +host replication all 127.0.0.1/32 trust
> +host replication all ::1/128 trust
> +));
Yeah, that would be good. Perhaps as part of the pg_regress
--config-auth. If it's an initdb, then it might make sense to have the
same option to set wal_level=hot_standby, and max_wal_senders, so that
the cluster is immediately ready for replication. But that's a different
topic, I'm going to just leave it as it is in this pg_rewind patch.
Attached is a new patch version, fixing all the little things you
listed. I believe this is pretty much ready for commit. I'm going to
read it through myself one more time before committing, but I don't have
anything mind now that needs fixing anymore. I just pushed the change to
split dbcommands.h into dbcommands.h and dbcommands_xlog.h, as that
seems like a nice-to-have anyway.
- Heikki