Re: [HACKERS] For review: Server instrumentation patch

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>
Subject: Re: [HACKERS] For review: Server instrumentation patch
Date: 2005-08-12 18:27:34
Message-ID: 21618.1123871254@sss.pgh.pa.us
Lists: pgsql-patches

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Here is an updated patch I have just applied (catalog version updated).

Actually, you forgot the catversion bump.

I read over this and fixed most of the problems I could see, but there
is still one left:

/*
 * Prevent reference to the parent directory.
 * "..a.." is a valid file name though.
 *
 * XXX this is BROKEN because it fails to prevent "C:.." on Windows.
 * Need access to "skip_drive" functionality to do it right. (There
 * is no actual security hole because we'll prepend the DataDir below,
 * resulting in a just-plain-broken path, but we should give the right
 * error message instead.)
 */

I'm not sure whether to export skip_drive from path.c or just duplicate
it. If we do export it, a different name would probably be a good idea,
as it seems too generic for a global symbol.

regards, tom lane
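
The check the XXX comment above asks for, as an added example that is not part of the message and is not PostgreSQL's code: a parent-directory test that compares whole path components (so "..a.." stays valid) and can step over a drive spec first (so "C:.." is caught). The names `skip_drive_prefix`, `is_sep` and `has_parent_reference` are hypothetical, and the helper is a stand-in for the `skip_drive` in path.c, whose body is not shown here.

```c
#include <ctype.h>
#include <stdbool.h>

/* Hypothetical stand-in for the "skip_drive" functionality the comment
 * mentions: step over a Windows drive spec such as "C:". */
static const char *
skip_drive_prefix(const char *path)
{
    if (isalpha((unsigned char) path[0]) && path[1] == ':')
        return path + 2;
    return path;
}

static bool
is_sep(char c)
{
    return c == '/' || c == '\\';
}

/* True if any component of path is exactly "..". With skip_drive set,
 * a leading drive spec is removed first (Windows interpretation). */
bool
has_parent_reference(const char *path, bool skip_drive)
{
    const char *p = skip_drive ? skip_drive_prefix(path) : path;

    while (*p)
    {
        const char *start;

        while (is_sep(*p))
            p++;
        start = p;
        while (*p && !is_sep(*p))
            p++;
        /* Compare the whole component, so "..a.." stays legal. */
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return true;
    }
    return false;
}
```

Without the drive skip, "C:.." is scanned as one four-character component and passes the check, which is the gap the comment describes.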
