On Sat, Nov 17, 2018 at 10:15:08PM +0100, Daniel Gustafsson wrote: > > On 15 Nov 2018, at 22:42, Tom Lane <t...@sss.pgh.pa.us> wrote: > > > Further point about that: pg_regress's method of creating a temp > > directory under /tmp is secure only on machines with the stickybit > > set on /tmp; otherwise it's possible for an attacker to rename the > > temp dir out of the way and inject his own socket. We agreed that > > that was an okay risk to take for testing purposes, but I'm much > > less willing to assume that it's okay for production use with > > pg_upgrade. > > That’s a good point, it’s not an assumption I’d be comfortable with when it > deals with system upgrades.
As in https://postgr.es/m/flat/20140329222934.gc170...@tornado.leadboat.com, I maintain that insecure /tmp is not worth worrying about in any part of PostgreSQL.