From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
---|---|
To: | "Peter Eisentraut" <peter_e(at)gmx(dot)net>, <pgsql-hackers(at)postgresql(dot)org> |
Cc: | "Yoshiyuki Asaba" <y-asaba(at)sraoss(dot)co(dot)jp> |
Subject: | Re: pg_dump -Ft failed on Windows XP |
Date: | 2006-04-20 11:03:40 |
Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCEA352D0@algol.sollentuna.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> > Indeed, that's definitly a bug. Quick patch attached. It
> does appear
> > to work, but there may be a better way?
>
> This patch introduces a security hole because an attacker
> could create, say, a suitable symlink between the time the
> name is generated and the file is opened.
Good point. I guess what I need to do is use open() specifying O_CREATE,
and then fdopen() that file.
Question: Is the use of O_TEMPORARY to open() portable? (my win32 docs
say it will make the file automatically deleted when the last descriptor
is closed, which I didn't know before. That would make the patch much
simpler, but might require #ifdefs?)
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Martijn van Oosterhout | 2006-04-20 11:05:47 | Checking assumptions |
Previous Message | Bruce Momjian | 2006-04-20 11:02:01 | Unresolved Win32 bug reports |