| From: | Michael Wood <esiotrot(at)gmail(dot)com> |
|---|---|
| To: | mladen(dot)gogala(at)vmsinfo(dot)com |
| Cc: | Andrej <andrej(dot)groups(at)gmail(dot)com>, Amish <amish(dot)pandya(at)in(dot)com>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: ERROR: invalid datatype 'FILE' |
| Date: | 2011-02-02 07:56:58 |
| Message-ID: | AANLkTinGaQ-GG1=rpzX+tHk0RebDLdvOoMKpm0tOR-=0@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On 2 February 2011 08:13, Mladen Gogala <mladen(dot)gogala(at)vmsinfo(dot)com> wrote:
> Andrej wrote:
>>
>>
>> I have no idea what esqlc is, but I'll hazard a guess that it by
>> default includes
>> something that actually defines FILE. FILE isn't defined in stdio.h
>> or stdlib.h,
>> for that matter, so I'm not really surprised that it won't compile.
>>
>
> Actually, it is defined in stdio.h:
>
> cat ttt.c
>
> #include <stdio.h>
> main() {
> FILE *fp=fopen("/tmp/aaa","w+");
> fprintf(fp,"Hello World!\n");
> }
> [mgogala(at)medo tmp]$ gcc ttt.c -o ttt
> [mgogala(at)medo tmp]$
>
> No complaints. It even executes. This program, of course, is bug free.
I'll have to object to the "bug free" comment :)
You don't check if the fopen() call succeeded.
Also, if this code is run as root (e.g. from a cron job) then a local
user could convince it to overwrite any arbitrary file just by
creating a symlink in /tmp pointing to the file to overwrite (assuming
/tmp/aaa doesn't exist before the malicious user creates the symlink,
of course.)
--
Michael Wood <esiotrot(at)gmail(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mladen Gogala | 2011-02-02 13:38:55 | Re: ERROR: invalid datatype 'FILE' |
| Previous Message | Mladen Gogala | 2011-02-02 06:13:16 | Re: ERROR: invalid datatype 'FILE' |