On 2 February 2011 15:38, Mladen Gogala <mladen(dot)gogala(at)vmsinfo(dot)com> wrote:
> Michael Wood wrote:
>> I'll have to object to the "bug free" comment :)
>> You don't check if the fopen() call succeeded.
>> Also, if this code is run as root (e.g. from a cron job) then a local
>> user could convince it to overwrite any arbitrary file just by
>> creating a symlink in /tmp pointing to the file to overwrite (assuming
>> /tmp/aaa doesn't exist before the malicious user creates the symlink,
>> of course.)
> You are correct, I admit my programming sins. With two bugs in two lines of
> code, I am as good as Microsoft or Oracle. I'll have to start making
> contributions to the Postgres community.
I thought afterwards that perhaps you meant we got any included bugs for free.
Michael Wood <esiotrot(at)gmail(dot)com>
In response to
pgsql-novice by date
|Next:||From: Basil Bourque||Date: 2011-02-02 22:09:18|
|Subject: Make pgAdmin default "Not NULL" checkbox to ON|
|Previous:||From: Mladen Gogala||Date: 2011-02-02 13:38:55|
|Subject: Re: ERROR: invalid datatype 'FILE'|