On Fri, Nov 21, 2025 at 5:14 PM Amul Sul <sulamul@gmail.com> wrote:
>
> On Wed, Nov 19, 2025 at 1:50 PM Jakub Wartak
> <jakub.wartak@enterprisedb.com> wrote:
> >
> > On Mon, Nov 17, 2025 at 5:51 AM Amul Sul <sulamul@gmail.com> wrote:
> > >
> > > On Thu, Nov 6, 2025 at 2:33 PM Amul Sul <sulamul@gmail.com> wrote:
> > > >
> > > > On Mon, Oct 20, 2025 at 8:05 PM Robert Haas <robertmhaas@gmail.com> wrote:
> > > > >
> > > > > On Thu, Oct 16, 2025 at 7:49 AM Amul Sul <sulamul@gmail.com> wrote:
> > > > > [....]
> > > > Kindly have a look at the attached version. Thank you !
> > > >
> > >
> > > Attached is the rebased version against the latest master head (e76defbcf09).
> >
> > Hi Amul, thanks for working on this. I haven't really looked at the
> > source code deeply (I trust Robert eyes much more than mine on this
> > one), just skimmed a little bit:
> >
> > 1. As stated earlier, get_tmp_walseg_path() is still vulnerable (it
> > uses predictable path that could be used by attacker in $TMPDIR)
> >
>
> Yeah, I haven't done anything regarding this since I am unsure of what
> should be done and what the risks involved are. I am thinking of
> taking Robert's opinion on this.
>
Per offline discussion with Robert and Jakub, I have updated the patch
to use mkdtemp() as suggested, which is already available in the tree
for similar purposes. Thanks !
Regards,
Amul