On 2 February 2011 15:38, Mladen Gogala <mladen.gogala@vmsinfo.com> wrote:
> Michael Wood wrote:
>>
>> I'll have to object to the "bug free" comment :)
>>
>> You don't check if the fopen() call succeeded.
>>
>> Also, if this code is run as root (e.g. from a cron job) then a local
>> user could convince it to overwrite any arbitrary file just by
>> creating a symlink in /tmp pointing to the file to overwrite (assuming
>> /tmp/aaa doesn't exist before the malicious user creates the symlink,
>> of course.)
>
> You are correct, I admit my programming sins. With two bugs in two lines of
> code, I am as good as Microsoft or Oracle. I'll have to start making
> contributions to the Postgres community.
:)
I thought afterwards that perhaps you meant we got any included bugs for free.
--
Michael Wood <esiotrot@gmail.com>
