Re: [BUGS] More SSL questions..

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: "T(dot)J(dot)" <tjtoocool(at)phreaker(dot)net>, pgsql-hackers-win32(at)postgresql(dot)org, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Magnus Hagander <mha(at)sollentuna(dot)net>, "Matthew T(dot) O'Connor" <matthew(at)zeut(dot)net>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>
Subject: Re: [BUGS] More SSL questions..
Date: 2005-01-08 22:26:39
Message-ID: 9259.1105223199@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers-win32

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Tom Lane wrote:
>> Doh --- isn't fstat's st_ino a meaningless value on Windows?

> Pretty much, yes.

The minimum change to fix it would be to ifdef out the fstat call and
ino/dev test on WIN32. However, I'm wondering why the code does it that
way in the first place. The proper way to enforce the security check,
if we're worried about race conditions, is to apply the file
ownership/permissions test to the fstat result. It's not clear to me
that the stat call before fopen is worth anything at all. Thoughts?

regards, tom lane

In response to

Browse pgsql-hackers-win32 by date

  From Date Subject
Next Message Bruce Momjian 2005-01-10 04:27:42 Re: [BUGS] More SSL questions..
Previous Message Andrew Dunstan 2005-01-08 22:02:04 Re: [BUGS] More SSL questions..