| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, William ZHANG <uniware(at)zedware(dot)org>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Bug in canonicalize_path() |
| Date: | 2005-08-12 19:40:29 |
| Message-ID: | 22164.1123875629@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
I wrote:
> Uh, that hardly meets the API contract that I mentioned. I think
> we really have to throw an error if the path tries to ".." above
> the starting point.
After rereading all the callers of canonicalize_path, I've concluded
that none of them actually depend on not having a terminating ".."
as I thought. There is a risk factor, which is that a lot of places
blindly trim the last component of a path --- but AFAICS, this is only
done with paths that are known to represent the name of a program,
so the last component wouldn't be ".." anyway.
So your last version of the patch seems like the way to go. I'll
apply it along with changing path.c to support the parent-directory
test better.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-08-12 19:44:16 | Re: Bug in canonicalize_path() |
| Previous Message | Tom Lane | 2005-08-12 19:01:53 | Re: [HACKERS] For review: Server instrumentation patch |