Re: pg_dump -Ft failed on Windows XP

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: "Magnus Hagander" <mha(at)sollentuna(dot)net>, "Yoshiyuki Asaba" <y-asaba(at)sraoss(dot)co(dot)jp>
Subject: Re: pg_dump -Ft failed on Windows XP
Date: 2006-04-20 10:45:26
Message-ID: 200604201245.27186.peter_e@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Am Donnerstag, 20. April 2006 10:47 schrieb Magnus Hagander:
> Indeed, that's definitly a bug. Quick patch attached. It does appear to
> work, but there may be a better way?

This patch introduces a security hole because an attacker could create, say, a
suitable symlink between the time the name is generated and the file is
opened.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2006-04-20 11:02:01 Unresolved Win32 bug reports
Previous Message Bruce Momjian 2006-04-20 10:34:24 Re: float8 regression test failure in head