| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | "T(dot)J(dot)" <tjtoocool(at)phreaker(dot)net>, pgsql-hackers-win32(at)postgresql(dot)org, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Magnus Hagander <mha(at)sollentuna(dot)net>, "Matthew T(dot) O'Connor" <matthew(at)zeut(dot)net>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk> |
| Subject: | Re: [BUGS] More SSL questions.. |
| Date: | 2005-01-08 22:26:39 |
| Message-ID: | 9259.1105223199@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers-win32 |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Tom Lane wrote:
>> Doh --- isn't fstat's st_ino a meaningless value on Windows?
> Pretty much, yes.
The minimum change to fix it would be to ifdef out the fstat call and
ino/dev test on WIN32. However, I'm wondering why the code does it that
way in the first place. The proper way to enforce the security check,
if we're worried about race conditions, is to apply the file
ownership/permissions test to the fstat result. It's not clear to me
that the stat call before fopen is worth anything at all. Thoughts?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2005-01-10 04:27:42 | Re: [BUGS] More SSL questions.. |
| Previous Message | Andrew Dunstan | 2005-01-08 22:02:04 | Re: [BUGS] More SSL questions.. |