On Sun, Dec 19, 2010 at 14:06, Craig Ringer <cr...@postnewspapers.com.au> wrote: > On 19/12/2010 8:05 PM, Magnus Hagander wrote: > >> Actually, looking through it again just before commit, I can't help >> but think the whole code about loading the DLL from different places >> is unnecessary. The windows DLL search order *always* has the >> directory of the EXE first, followed by either system dirs or CWD >> depending on version. >> >> Any reason not to just call LoadLibrary once? > > Good point. The program directory was added to the DLL search path with > Windows XP. On any Windows version that Pg targets you can trust Windows to > load a DLL from the app dir before system32. We don't really care about > win2k/nt4 or 9x, where this is necessary. > > It's not a security concern for the reasons already outlined in the comments > in the patch - in brief, because Pg keeps the cwd inside the datadir, and if > someone can write malicious files in there you have big problems already. If > it was a security concern our fallback would be an attempt to load > %WINDIR%\system32\dbghelp.dll by full path, rather than using an unqualified > name to search the path. > > So: I agree. We should just let Windows find dbghelp.dll on the normal > search path; building an explicit path isn't necessary.
I've committed the version that does this. Thanks! -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
