Michael Wood wrote:
> I'll have to object to the "bug free" comment :)
>
> You don't check if the fopen() call succeeded.
>
> Also, if this code is run as root (e.g. from a cron job) then a local
> user could convince it to overwrite any arbitrary file just by
> creating a symlink in /tmp pointing to the file to overwrite (assuming
> /tmp/aaa doesn't exist before the malicious user creates the symlink,
> of course.)
>
>
You are correct, I admit my programming sins. With two bugs in two lines
of code, I am as good as Microsoft or Oracle. I'll have to start making
contributions to the Postgres community.
--
Mladen Gogala
Sr. Oracle DBA
1500 Broadway
New York, NY 10036
(212) 329-5251
www.vmsinfo.com
