Skip site navigation (1) Skip section navigation (2)

Re: Bug in canonicalize_path()

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>,William ZHANG <uniware(at)zedware(dot)org>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Bug in canonicalize_path()
Date: 2005-08-12 19:40:29
Message-ID: 22164.1123875629@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
I wrote:
> Uh, that hardly meets the API contract that I mentioned.  I think
> we really have to throw an error if the path tries to ".." above
> the starting point.

After rereading all the callers of canonicalize_path, I've concluded
that none of them actually depend on not having a terminating ".."
as I thought.  There is a risk factor, which is that a lot of places
blindly trim the last component of a path --- but AFAICS, this is only
done with paths that are known to represent the name of a program,
so the last component wouldn't be ".." anyway.

So your last version of the patch seems like the way to go.  I'll
apply it along with changing path.c to support the parent-directory
test better.

			regards, tom lane

In response to

Responses

pgsql-patches by date

Next:From: Bruce MomjianDate: 2005-08-12 19:44:16
Subject: Re: Bug in canonicalize_path()
Previous:From: Tom LaneDate: 2005-08-12 19:01:53
Subject: Re: [HACKERS] For review: Server instrumentation patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group