Re: as per commit 643a1a61985bef2590496, move create/open dir code to function using switch case of pg_backup_directory.c file also

From: Álvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: Mahendra Singh Thalor <mahi6run(at)gmail(dot)com>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: as per commit 643a1a61985bef2590496, move create/open dir code to function using switch case of pg_backup_directory.c file also
Date: 2025-04-11 12:07:55
Message-ID: 202504111207.pk6wancjzolp@alvherre.pgsql
Lists: pgsql-hackers

I don't understand why the routine is called "create_or_open_dir". In
what sense does this open the directory? I think "check_or_create_dir"
would be closer to what this seems to be doing.

Is there no TOCTTOU bug in pg_dumpall because of the way this code is
written? A malicious user that can create an empty directory that
pg_dumpall is going to use as output destination could remove it after
the opendir(), then replace it with another directory with a symlink
called "global.dat" that causes some other file to be overwritten with
the privileges of the user running pg_dumpall. Maybe there's no problem
here, but I don't see what the explanation for that is.

--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
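
One standard way to close the kind of check-then-use race asked about above, shown as an added example that is not part of the original message and is not PostgreSQL code: pin the output directory with a descriptor and create files relative to it with O_EXCL. The helper names `open_output_dir` and `create_in_dir` and the swap scenario are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the directory if needed, then pin it with a
 * descriptor; O_NOFOLLOW rejects a symlink planted at the path itself. */
static int open_output_dir(const char *path)
{
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    return open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Create a file relative to the pinned directory. O_EXCL fails with EEXIST on
 * any existing entry, symlinks included, so nothing is written through one. */
static int create_in_dir(int dirfd, const char *name)
{
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
}

/* Constructed scenario: after the descriptor is taken, the path "out" is
 * replaced by a directory holding a "global.dat" symlink. Returns 0 when the
 * pinned write stays in the original directory and the symlink is refused. */
int swapped_dir_is_harmless(void)
{
    char base[] = "/tmp/tocttou-demo-XXXXXX", buf[5] = "";
    if (mkdtemp(base) == NULL || chdir(base) != 0)
        return -1;
    int victim = open("victim", O_RDWR | O_CREAT, 0600); /* file to protect */
    int dirfd = open_output_dir("out");                  /* the "check" step */
    if (victim < 0 || dirfd < 0 || write(victim, "keep", 4) != 4)
        return -1;
    if (rename("out", "old") != 0 || mkdir("out", 0700) != 0 ||
        symlink("../victim", "out/global.dat") != 0)     /* the swap */
        return -1;
    int fd = create_in_dir(dirfd, "global.dat");         /* lands in "old" */
    int swapped = open_output_dir("out");                /* re-resolved path */
    int refused = create_in_dir(swapped, "global.dat") < 0 && errno == EEXIST;
    if (fd < 0 || !refused || pread(victim, buf, 4, 0) != 4)
        return -1;
    return strcmp(buf, "keep") != 0 || access("old/global.dat", F_OK) != 0;
}

int main(void) { return swapped_dir_is_harmless(); }
```

The descriptor only fixes which directory is used; O_EXCL on the final component is what stops a pre-planted entry inside it from being followed.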
