Re: Regression test PANICs with master-standby setup on same machine

At Wed, 24 Apr 2019 09:30:12 -0700, Andres Freund <andres(at)anarazel(dot)de> wrote in <20190424163012(dot)7wzdl6j2v73cufip(at)alap3(dot)anarazel(dot)de>
> Hi,
>
> On 2019-04-24 17:02:28 +0900, Kyotaro HORIGUCHI wrote:
> > +/*
> > + * Check if the path is in the data directory strictly.
> > + */
> > +static bool
> > +is_in_data_directory(const char *path)
> > +{
<hinde the ugly thing:p>
> > + errmsg("could not chdir to the current working directory \"%s\": %m",
> > + cwd)));
> > +
> > + return path_is_prefix_of_path(absdatadir, abspath);
> > +}
>
> This seems like a bad idea to me. Why don't we just use
> make_absolute_path() on the proposed tablespace path, and then check
> path_is_prefix_of() or such? Sure, that can be tricked using symlinks
> etc, but that's already the case.

Thanks for the suggestions, Tom, Andres. For clarity, as I
mentioned in the post, I didn't like the getcwd in 0001. The
reason for the previous patch are:

1. canonicalize_path doesn't process '/.' and '/..' in the middle
of a path. That prevents correct checking of directory
inclusiveness. Actually regression test suffers that.

2. Simply I missed make_absolute_path..

So, I rewote canonicalize_path to process '.' and '..'s not only
at the end of a path but all occurrances in a path. This makes
the strange loop of chdir-getwen useless. But the new
canonicalize_path is a bit complex.

The modified canonicalize_path works filesystem-access-free so it
doesn't follow symlinks. Thus it makes a misjudge when two paths
are in an inclusion relationship after resolving symlinks in the
paths. But I don't think we don't need to treat such a malicious
situation.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center