Skip site navigation (1) Skip section navigation (2)

Re: ERROR: invalid datatype 'FILE'

From: Michael Wood <esiotrot(at)gmail(dot)com>
To: mladen(dot)gogala(at)vmsinfo(dot)com
Cc: Andrej <andrej(dot)groups(at)gmail(dot)com>, Amish <amish(dot)pandya(at)in(dot)com>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: ERROR: invalid datatype 'FILE'
Date: 2011-02-02 07:56:58
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
On 2 February 2011 08:13, Mladen Gogala <mladen(dot)gogala(at)vmsinfo(dot)com> wrote:
> Andrej wrote:
>> I have no idea what esqlc is, but I'll hazard a guess that it by
>> default includes
>> something that actually defines FILE.  FILE isn't defined in stdio.h
>> or stdlib.h,
>> for that matter, so I'm not really surprised that it won't compile.
> Actually, it is defined in stdio.h:
> cat ttt.c
> #include <stdio.h>
> main() {
>   FILE *fp=fopen("/tmp/aaa","w+");
>   fprintf(fp,"Hello World!\n");
> }
> [mgogala(at)medo tmp]$ gcc ttt.c -o ttt
> [mgogala(at)medo tmp]$
> No complaints. It even executes. This program, of course, is bug free.

I'll have to object to the "bug free" comment :)

You don't check if the fopen() call succeeded.

Also, if this code is run as root (e.g. from a cron job) then a local
user could convince it to overwrite any arbitrary file just by
creating a symlink in /tmp pointing to the file to overwrite (assuming
/tmp/aaa doesn't exist before the malicious user creates the symlink,
of course.)

Michael Wood <esiotrot(at)gmail(dot)com>

In response to


pgsql-novice by date

Next:From: Mladen GogalaDate: 2011-02-02 13:38:55
Subject: Re: ERROR: invalid datatype 'FILE'
Previous:From: Mladen GogalaDate: 2011-02-02 06:13:16
Subject: Re: ERROR: invalid datatype 'FILE'

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group