| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Expand the use of check_canonical_path() for more GUCs |
| Date: | 2020-05-20 07:03:26 |
| Message-ID: | 20200520070326.GF2355@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 19, 2020 at 09:32:15AM -0400, Tom Lane wrote:
> Hm, I'm pretty certain that data_directory does not need this because
> canonicalization is done elsewhere; the most that you could accomplish
> there is to cause problems. Dunno about the rest.
Hmm. I missed that this is getting done in SelectConfigFiles() first
by the postmaster so that's not necessary, which also does the work
for hba_file and ident_file. config_file does not need that either as
AbsoluteConfigLocation() does the same work via ParseConfigFile(). So
perhaps we could add a comment or such about that? Attached is an
idea.
The rest is made of PromoteTriggerFile, pg_krb_server_keyfile,
ssl_cert_file, ssl_key_file, ssl_ca_file, ssl_crl_file and
ssl_dh_params_file where loaded values are taken as-is, so applying
canonicalization would be helpful there, no?
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| guc-path-checks-v2.patch | text/x-diff | 2.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2020-05-20 07:13:51 | Re: Expand the use of check_canonical_path() for more GUCs |
| Previous Message | Michael Paquier | 2020-05-20 05:56:50 | Re: explicit_bzero for sslpassword |