Tom Lane wrote:
> Bruce Momjian <br...@momjian.us> writes:
> > I have reviewed is_absolute_path() and have implemented
> > path_is_relative_and_below_cwd() to cleanly handle cases like 'E:abc' on
> > Win32; patch attached.
>
> This patch appears to remove some security-critical restrictions.
> Why did you delete the path_contains_parent_reference calls?

They are now in path_is_relative_and_below_cwd(), and I assume we can
allow ".." for an absolute path in these cases, i.e. it has to match the
data or log path we defined, and I don't see a general reason to prevent
".." in absolute paths, only relative ones.

--
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +
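
The checks discussed in this message, as an added C example that is not part of the original post and is not PostgreSQL's code: `relative_and_below_cwd`, `raw_prefix_match` and `absolute_allowed` are hypothetical names, and Win32 path rules are applied on every platform as an assumption. It shows a drive-relative path such as 'E:abc' being refused, and that a prefix match on the raw string against an allowed directory does not resolve "..".

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Assumption: Win32 separator rules on every platform, so results match everywhere. */
#define IS_SEP(c) ((c) == '/' || (c) == '\\')

/* True if any path component is exactly "..". */
static bool has_parent_ref(const char *p)
{
    while (*p) {
        size_t n = strcspn(p, "/\\");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += n;
        if (*p)
            p++;                /* skip the separator */
    }
    return false;
}

/* Hypothetical stand-in for the check discussed above, not PostgreSQL's code. */
bool relative_and_below_cwd(const char *p)
{
    if (IS_SEP(p[0]))
        return false;           /* rooted path */
    /* "E:\x" is absolute; "E:abc" is relative to drive E's own cwd, which
     * need not be below ours, so any drive prefix is refused. */
    if (isalpha((unsigned char) p[0]) && p[1] == ':')
        return false;
    return !has_parent_ref(p);
}

/* Prefix test on the raw string at a component boundary; ".." is not resolved. */
bool raw_prefix_match(const char *dir, const char *p)
{
    size_t n = strlen(dir);
    return strncmp(dir, p, n) == 0 && (p[n] == '\0' || IS_SEP(p[n]));
}

/* Absolute-path check that also refuses parent references. */
bool absolute_allowed(const char *dir, const char *p)
{
    return raw_prefix_match(dir, p) && !has_parent_ref(p);
}
```

With the constructed directory `/srv/data`, the path `/srv/data/../../etc/passwd` passes `raw_prefix_match` and is refused by `absolute_allowed`.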