I don't understand why the routine is called "create_or_open_dir".  In
what sense does this open the directory?  I think "check_or_create_dir"
would be closer to what this seems to be doing.

Is there no TOCTTOU bug in pg_dumpall because of the way this code is
written?  A malicious user that can create an empty directory that
pg_dumpall is going to use as output destination could remove it after
the opendir(), then replace it with another directory with a symlink
called "global.dat" that causes some other file to be overwritten with
the privileges of the user running pg_dumpall.  Maybe there's no problem
here, but I don't see what the explanation for that is.

-- 
Álvaro Herrera         PostgreSQL Developer  —  https://www.EnterpriseDB.com/
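The race sketched above, as an added stand-alone example (not PostgreSQL code, and not how pg_dumpall's check is written): an attacker-owned "empty" output directory contains a symlink named global.dat, so a plain open(2) with O_CREAT|O_TRUNC follows the link and truncates the target.  The hardened variant pins a directory fd at check time and creates the output file with openat(2) plus O_EXCL|O_NOFOLLOW, which refuses the symlink (EEXIST) and, because the fd still names the directory that was checked, is unaffected by the directory being removed and replaced after the check.  All paths, the "victim" file and its nine-byte content are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive output-file creation: open(2) follows a symlink at the final
 * path component and O_TRUNC truncates whatever the link points at. */
static int create_naive(const char *path)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	if (fd < 0)
		return -1;
	close(fd);
	return 0;
}

/* Hardened: create relative to a directory fd obtained when the
 * directory was checked, never follow a symlink, and insist the name
 * does not exist yet (O_EXCL fails with EEXIST even for a symlink). */
static int create_safe(int dirfd, const char *name)
{
	int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
	if (fd < 0)
		return -1;
	close(fd);
	return 0;
}

static long file_size(const char *path)
{
	struct stat st;
	return stat(path, &st) == 0 ? (long) st.st_size : -1;
}

/* Constructed sample content for the file the attacker wants clobbered. */
static int write_victim(const char *path)
{
	FILE *f = fopen(path, "w");
	if (!f)
		return -1;
	fputs("precious\n", f);		/* 9 bytes */
	return fclose(f);
}

struct demo {
	int  naive_rc;            /* 0: naive open succeeded and followed the link */
	long victim_after_naive;  /* 0: victim truncated */
	int  safe_rc;             /* -1: hardened open refused the symlink */
	int  safe_errno;          /* EEXIST */
	long victim_after_safe;   /* 9: victim intact */
	int  pinned_rc;           /* 0: file created through the pinned dirfd */
	int  landed_in_original;  /* 1: it went into the checked dir, not the swapped-in one */
};

/* Runs all three scenarios under a fresh mkdtemp() directory (hypothetical
 * layout: <tmp>/out is the output dir, <tmp>/victim the symlink target). */
int run_demo(struct demo *d)
{
	char tmpl[] = "/tmp/tocttou-demo.XXXXXX";
	char out[PATH_MAX], victim[PATH_MAX], link[PATH_MAX], moved[PATH_MAX], landed[PATH_MAX];
	const char *base = mkdtemp(tmpl);
	if (!base)
		return -1;
	snprintf(victim, sizeof victim, "%s/victim", base);
	snprintf(out, sizeof out, "%s/out", base);
	snprintf(link, sizeof link, "%s/global.dat", out);
	snprintf(moved, sizeof moved, "%s/out.moved-by-attacker", base);

	/* attacker's "empty" output directory already holds the symlink */
	if (mkdir(out, 0700) != 0 || write_victim(victim) != 0 || symlink(victim, link) != 0)
		return -1;

	/* 1. naive creation clobbers the symlink target */
	d->naive_rc = create_naive(link);
	d->victim_after_naive = file_size(victim);

	/* 2. hardened creation refuses the symlink */
	if (write_victim(victim) != 0)
		return -1;
	int dirfd = open(out, O_RDONLY | O_DIRECTORY);	/* pinned at check time */
	if (dirfd < 0)
		return -1;
	d->safe_rc = create_safe(dirfd, "global.dat");
	d->safe_errno = d->safe_rc < 0 ? errno : 0;
	d->victim_after_safe = file_size(victim);

	/* 3. the check-then-swap race: after the check, the attacker moves the
	 * directory away and replaces it with one containing the symlink */
	if (unlink(link) != 0 || rename(out, moved) != 0 || mkdir(out, 0700) != 0
	    || symlink(victim, link) != 0)
		return -1;
	d->pinned_rc = create_safe(dirfd, "global.dat");	/* dirfd still names the original */
	snprintf(landed, sizeof landed, "%s/global.dat", moved);
	d->landed_in_original = access(landed, F_OK) == 0 && file_size(victim) == 9;
	close(dirfd);
	return 0;
}

int main(void)
{
	struct demo d;
	if (run_demo(&d) != 0)
		return 1;
	printf("naive: rc=%d victim=%ld bytes\n", d.naive_rc, d.victim_after_naive);
	printf("safe:  rc=%d errno=%s victim=%ld bytes\n", d.safe_rc, strerror(d.safe_errno), d.victim_after_safe);
	printf("pinned: rc=%d landed_in_original=%d\n", d.pinned_rc, d.landed_in_original);
	return 0;
}
```

The demo leaves its mkdtemp() directory behind for inspection.  The point it makes is the one the question turns on: a path-based check followed by a path-based open is two lookups, and only holding an fd across both, combined with O_NOFOLLOW|O_EXCL at creation, makes the "is this directory empty" check and the later write refer to the same object.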

