| Lists: | pgsql-hackers |
|---|
| From: | "Etsuro Fujita" <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | "'PostgreSQL-development'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Don't allow relative path for copy from file |
| Date: | 2012-08-15 09:17:37 |
| Message-ID: | 001501cd7ac6$cfdec990$6f9c5cb0$@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
As described in the reference manual for COPY, we should to check file's path
format not to allow relative path. Please find attached a patch.
Thanks,
Best regards,
Etsuro Fujita
| Attachment | Content-Type | Size |
|---|---|---|
| copy_from_pathcheck.patch | application/octet-stream | 567 bytes |
| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Etsuro Fujita" <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> |
| Cc: | "'PostgreSQL-development'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Don't allow relative path for copy from file |
| Date: | 2012-08-15 14:05:54 |
| Message-ID: | 2761.1345039554@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
"Etsuro Fujita" <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> writes:
> As described in the reference manual for COPY, we should to check file's path
> format not to allow relative path. Please find attached a patch.
The argument for disallowing writing to a relative path is to make it
harder to accidentally overwrite a database file. That argument does
not apply to COPY IN, so I'm not convinced we should impose an
additional restriction. It's not out of the question that this would
break real-world use-cases --- imagine someone whose workflow involves
copying data files across a network to a directory accessible to the
server (and quite possibly specified by a relative path) and then doing
COPY IN.
In any case, this patch is missing documentation updates, specifically
the paragraph in the COPY reference page that it falsifies.
regards, tom lane
| From: | "Etsuro Fujita" <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "'PostgreSQL-development'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Don't allow relative path for copy from file |
| Date: | 2012-08-16 06:11:56 |
| Message-ID: | 001201cd7b76$09a973f0$1cfc5bd0$@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
> From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
> "Etsuro Fujita" <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> writes:
> > As described in the reference manual for COPY, we should to check file's
path
> > format not to allow relative path. Please find attached a patch.
>
> The argument for disallowing writing to a relative path is to make it
> harder to accidentally overwrite a database file. That argument does
> not apply to COPY IN, so I'm not convinced we should impose an
> additional restriction. It's not out of the question that this would
> break real-world use-cases --- imagine someone whose workflow involves
> copying data files across a network to a directory accessible to the
> server (and quite possibly specified by a relative path) and then doing
> COPY IN.
>
> In any case, this patch is missing documentation updates, specifically
> the paragraph in the COPY reference page that it falsifies.
Agreed. I'd like to withdraw the patch sent in the earlier post, and propose to
update the documentation in the COPY reference page. Please find attached a
patch.
Thanks,
Best regards,
Etsuro Fujita
| Attachment | Content-Type | Size |
|---|---|---|
| copy_ref_page.patch | application/octet-stream | 990 bytes |
| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Etsuro Fujita <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Don't allow relative path for copy from file |
| Date: | 2012-08-30 17:19:10 |
| Message-ID: | CA+Tgmob2MOJZwG9AhQ3yJgRgJh-_RTc4JvGH2LpxA-Ftm70b1w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Thu, Aug 16, 2012 at 2:11 AM, Etsuro Fujita
<fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> wrote:
> Agreed. I'd like to withdraw the patch sent in the earlier post, and propose to
> update the documentation in the COPY reference page. Please find attached a
> patch.
I think this is a good idea, but I didn't like the exact wording you
chose, so I committed something a little different. Let me know
whether it looks OK.
Thanks,
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From: | "Etsuro Fujita" <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | "'Robert Haas'" <robertmhaas(at)gmail(dot)com> |
| Cc: | "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "'PostgreSQL-development'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Don't allow relative path for copy from file |
| Date: | 2012-08-31 05:04:44 |
| Message-ID: | 002a01cd8736$22bb5ae0$683210a0$@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
> From: Robert Haas [mailto:robertmhaas(at)gmail(dot)com]
> On Thu, Aug 16, 2012 at 2:11 AM, Etsuro Fujita
> <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp> wrote:
> > Agreed. I'd like to withdraw the patch sent in the earlier post, and
propose
> to
> > update the documentation in the COPY reference page. Please find attached
> a
> > patch.
>
> I think this is a good idea, but I didn't like the exact wording you
> chose, so I committed something a little different. Let me know
> whether it looks OK.
It looks fine to me. Thanks!
Best regards,
Etsuro Fujita