Re: Expand the use of check_canonical_path() for more GUCs

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Expand the use of check_canonical_path() for more GUCs
Date: 2020-05-20 07:03:26
Message-ID: 20200520070326.GF2355@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, May 19, 2020 at 09:32:15AM -0400, Tom Lane wrote:
> Hm, I'm pretty certain that data_directory does not need this because
> canonicalization is done elsewhere; the most that you could accomplish
> there is to cause problems. Dunno about the rest.

Hmm. I missed that this is getting done in SelectConfigFiles() first
by the postmaster so that's not necessary, which also does the work
for hba_file and ident_file. config_file does not need that either as
AbsoluteConfigLocation() does the same work via ParseConfigFile(). So
perhaps we could add a comment or such about that? Attached is an
idea.

The rest is made of PromoteTriggerFile, pg_krb_server_keyfile,
ssl_cert_file, ssl_key_file, ssl_ca_file, ssl_crl_file and
ssl_dh_params_file where loaded values are taken as-is, so applying
canonicalization would be helpful there, no?
--
Michael

Attachment Content-Type Size
guc-path-checks-v2.patch text/x-diff 2.8 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2020-05-20 07:13:51 Re: Expand the use of check_canonical_path() for more GUCs
Previous Message Michael Paquier 2020-05-20 05:56:50 Re: explicit_bzero for sslpassword