> > > Indeed, that's definitely a bug. Quick patch attached. It does appear
> > > to work, but there may be a better way?
> > 
> > This patch introduces a security hole because an attacker could
> > create, say, a suitable symlink between the time the name is generated
> > and the file is opened.
> 
> Good point. I guess what I need to do is use open() 
> specifying O_CREATE, and then fdopen() that file.
> 
> Question: Is the use of O_TEMPORARY to open() portable? (my 
> win32 docs say it will make the file automatically deleted 
> when the last descriptor is closed, which I didn't know 
> before. That would make the patch much simpler, but might 
> require #ifdefs?)

Actually, since I'm running out the door, here is a new attempt that
changes behaviour only on win32. And that also appears to work, but may
be wrong ;-)

//Magnus

Attachment: pg_dump_tempfile.patch
Description: pg_dump_tempfile.patch
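
The approach discussed in the thread above (open() with a create flag, then fdopen() on the descriptor), as an added C example that is not the attached patch or PostgreSQL code. It assumes POSIX and adds O_EXCL, which the message does not mention; the function names and the `pgdump.<pid>.<n>` naming scheme are made up for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Create path only if nothing exists there, then wrap the descriptor.
 * O_CREAT|O_EXCL makes open() fail with EEXIST when the name is already
 * taken, including by a symlink, so a planted link is never followed. */
static FILE *open_new_file(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    FILE *fp = fd < 0 ? NULL : fdopen(fd, "w+b");
    if (fd >= 0 && fp == NULL) {    /* fdopen failed: undo the create */
        close(fd);
        unlink(path);
    }
    return fp;
}

/* The generated name is only a candidate; the atomic open() decides.
 * "pgdump.<pid>.<n>" is a made-up naming scheme for this example. */
static FILE *create_temp(const char *dir, char *path, size_t len)
{
    for (int attempt = 0; attempt < 100; attempt++) {
        snprintf(path, len, "%s/pgdump.%ld.%d", dir, (long) getpid(), attempt);
        FILE *fp = open_new_file(path);
        if (fp != NULL)
            return fp;
        if (errno != EEXIST)
            break;                  /* real error, not a name collision */
    }
    return NULL;
}

int main(void)
{
    char path[256];
    FILE *fp = create_temp("/tmp", path, sizeof path);
    if (fp == NULL)
        return EXIT_FAILURE;
    printf("created %s\n", path);
    fclose(fp);
    return unlink(path) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Because the existence check and the creation happen in a single open() call, there is no window between generating the name and opening the file.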
