Re: ERROR: invalid datatype 'FILE'
| От | Michael Wood |
|---|---|
| Тема | Re: ERROR: invalid datatype 'FILE' |
| Дата | |
| Msg-id | AANLkTikV0a=QUKSEwUYKYqxxgEWmko-B_y13sgz-5u79@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: ERROR: invalid datatype 'FILE' (Mladen Gogala <mladen.gogala@vmsinfo.com>) |
| Список | pgsql-novice |
On 2 February 2011 15:38, Mladen Gogala <mladen.gogala@vmsinfo.com> wrote: > Michael Wood wrote: >> >> I'll have to object to the "bug free" comment :) >> >> You don't check if the fopen() call succeeded. >> >> Also, if this code is run as root (e.g. from a cron job) then a local >> user could convince it to overwrite any arbitrary file just by >> creating a symlink in /tmp pointing to the file to overwrite (assuming >> /tmp/aaa doesn't exist before the malicious user creates the symlink, >> of course.) > > You are correct, I admit my programming sins. With two bugs in two lines of > code, I am as good as Microsoft or Oracle. I'll have to start making > contributions to the Postgres community. :) I thought afterwards that perhaps you meant we got any included bugs for free. -- Michael Wood <esiotrot@gmail.com>
В списке pgsql-novice по дате отправления: