From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
Subject: | Re: [HACKERS] For review: Server instrumentation patch |
Date: | 2005-08-12 18:27:34 |
Message-ID: | 21618.1123871254@sss.pgh.pa.us |
Lists: | pgsql-patches |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Here is an updated patch I have just applied (catalog version updated).

Actually, you forgot the catversion bump.

I read over this and fixed most of the problems I could see, but there
is still one left:

/*
 * Prevent reference to the parent directory.
 * "..a.." is a valid file name though.
 *
 * XXX this is BROKEN because it fails to prevent "C:.." on Windows.
 * Need access to "skip_drive" functionality to do it right. (There
 * is no actual security hole because we'll prepend the DataDir below,
 * resulting in a just-plain-broken path, but we should give the right
 * error message instead.)
 */

I'm not sure whether to export skip_drive from path.c or just duplicate
it. If we do export it, a different name would probably be a good idea,
as it seems too generic for a global symbol.

regards, tom lane
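
The gap described in the message above, shown as an added example (not part of the original message and not PostgreSQL's code): a component-wise ".." check accepts "C:.." unless the drive specifier is stripped first. All function names are hypothetical, the sample paths are constructed, and the drive rule is applied unconditionally for demonstration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

/* All names below are hypothetical; this is not PostgreSQL's path.c. */

static bool is_sep(char c) { return c == '/' || c == '\\'; }

/* Stand-in for the "skip_drive" idea: step over a leading "X:" specifier.
 * Assumption: applied unconditionally here; only the drive-letter form is
 * handled (no UNC "//host" prefixes). */
static const char *skip_drive_prefix(const char *path)
{
    if (isalpha((unsigned char) path[0]) && path[1] == ':')
        return path + 2;
    return path;
}

/* True if some component is exactly "..", so "..a.." stays a valid name. */
static bool has_dotdot_component(const char *p)
{
    while (*p)
    {
        size_t len = 0;
        while (p[len] && !is_sep(p[len]))
            len++;
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        while (is_sep(*p))
            p++;
    }
    return false;
}

/* Constructed "before" check: sees "C:.." as one harmless component. */
bool naive_refs_parent(const char *path) { return has_dotdot_component(path); }

/* Drive-aware check: strips "C:" first, so the ".." is recognized. */
bool refs_parent(const char *path) { return has_dotdot_component(skip_drive_prefix(path)); }

int main(void)
{
    const char *s[] = {"C:..", "..a..", "a/../b"}; /* constructed samples */
    for (size_t i = 0; i < 3; i++)
        printf("%s: naive=%d drive-aware=%d\n", s[i], naive_refs_parent(s[i]), refs_parent(s[i]));
    return 0;
}
```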