Hi,
On 2019-04-24 17:02:28 +0900, Kyotaro HORIGUCHI wrote:
> +/*
> + * Check if the path is in the data directory strictly.
> + */
> +static bool
> +is_in_data_directory(const char *path)
> +{
> + char cwd[MAXPGPATH];
> + char abspath[MAXPGPATH];
> + char absdatadir[MAXPGPATH];
> +
> + getcwd(cwd, MAXPGPATH);
> + if (chdir(path) < 0)
> + ereport(ERROR,
> + (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
> + errmsg("invalid directory \"%s\": %m", path)));
> +
> + /* getcwd is defined as returning absolute path */
> + getcwd(abspath, MAXPGPATH);
> +
> + /* DataDir needs to be canonicalized */
> + if (chdir(DataDir))
> + ereport(FATAL,
> + (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
> + errmsg("could not chdir to the data directory \"%s\": %m",
> + DataDir)));
> + getcwd(absdatadir, MAXPGPATH);
> +
> + /* this must succeed */
> + if (chdir(cwd))
> + ereport(FATAL,
> + (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
> + errmsg("could not chdir to the current working directory \"%s\": %m",
> + cwd)));
> +
> + return path_is_prefix_of_path(absdatadir, abspath);
> +}
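Review bot: none of the three getcwd() calls (lines `getcwd(cwd, MAXPGPATH);`, `getcwd(abspath, MAXPGPATH);`, `getcwd(absdatadir, MAXPGPATH);`) checks its return value, so if the first one fails (cwd longer than MAXPGPATH, or a component no longer searchable) `cwd` is uninitialized and the final `chdir(cwd)` either FATALs on garbage or moves the backend to whatever directory the stack bytes happen to spell. The check also has the process-wide side effect of changing the backend's working directory, and every failure after the first successful chdir() leaves the backend in a directory it did not start in, which is why the last two branches have to be FATAL rather than ERROR. Either test each getcwd() result and ereport on NULL, or drop the chdir() dance entirely and compare canonicalized absolute strings as suggested in the reply.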
This seems like a bad idea to me. Why don't we just use
make_absolute_path() on the proposed tablespace path, and then check
path_is_prefix_of() or such? Sure, that can be tricked using symlinks
etc, but that's already the case.
Greetings,
Andres Freund
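The alternative Andres describes, as an added, self-contained example that is not PostgreSQL code: make the proposed path absolute by joining it with a caller-supplied working directory (the assumed `make_absolute` here stands in for make_absolute_path(), and `lexical_canonicalize` for the "." / ".." collapsing part of canonicalization), then do a component-aware prefix comparison. Nothing calls chdir(), so the process working directory is never touched and there is no state to restore on error. Symlinks are deliberately not resolved, matching the caveat in the reply. All names and sample paths below are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXPATH 1024
#define MAXCOMP 128

/* Assumed stand-in for make_absolute_path(): prefix a relative path with
 * the supplied working directory instead of asking the OS via chdir/getcwd. */
static bool
make_absolute(const char *cwd, const char *path, char *out, size_t outlen)
{
    if (path[0] == '/')
        return snprintf(out, outlen, "%s", path) < (int) outlen;
    return snprintf(out, outlen, "%s/%s", cwd, path) < (int) outlen;
}

/* Lexically collapse ".", ".." and repeated slashes in an absolute path.
 * This does NOT resolve symlinks, so "/pgdata/link/.." can still escape. */
static bool
lexical_canonicalize(const char *in, char *out, size_t outlen)
{
    const char *comps[MAXCOMP];
    size_t      lens[MAXCOMP];
    int         n = 0;
    const char *p = in;
    size_t      pos = 0;

    if (in[0] != '/')
        return false;           /* caller must hand us an absolute path */

    while (*p)
    {
        const char *start;
        size_t      len;

        while (*p == '/')
            p++;
        if (!*p)
            break;
        start = p;
        while (*p && *p != '/')
            p++;
        len = (size_t) (p - start);

        if (len == 1 && start[0] == '.')
            continue;                       /* "." : drop */
        if (len == 2 && start[0] == '.' && start[1] == '.')
        {
            if (n > 0)
                n--;                        /* ".." : pop, never above "/" */
            continue;
        }
        if (n == MAXCOMP)
            return false;
        comps[n] = start;
        lens[n] = len;
        n++;
    }

    if (n == 0)
    {
        if (outlen < 2)
            return false;
        out[0] = '/';
        out[1] = '\0';
        return true;
    }
    for (int i = 0; i < n; i++)
    {
        if (pos + 1 + lens[i] + 1 > outlen)
            return false;
        out[pos++] = '/';
        memcpy(out + pos, comps[i], lens[i]);
        pos += lens[i];
    }
    out[pos] = '\0';
    return true;
}

/* Component-aware prefix test: "/srv/pgdata" contains "/srv/pgdata/ts1"
 * but not "/srv/pgdata2", which a plain strncmp() would accept. */
static bool
path_is_prefix_of_path(const char *dir, const char *path)
{
    size_t dlen = strlen(dir);

    while (dlen > 1 && dir[dlen - 1] == '/')
        dlen--;                             /* tolerate a trailing slash */
    if (strncmp(dir, path, dlen) != 0)
        return false;
    return dlen == 1 || path[dlen] == '\0' || path[dlen] == '/';
}

/* Is `path` (absolute or relative to `cwd`) inside `datadir`? Pure string work. */
static bool
path_inside_directory(const char *cwd, const char *datadir, const char *path)
{
    char raw_path[MAXPATH], abs_path[MAXPATH];
    char raw_dd[MAXPATH], abs_dd[MAXPATH];

    return make_absolute(cwd, path, raw_path, sizeof raw_path)
        && lexical_canonicalize(raw_path, abs_path, sizeof abs_path)
        && make_absolute(cwd, datadir, raw_dd, sizeof raw_dd)
        && lexical_canonicalize(raw_dd, abs_dd, sizeof abs_dd)
        && path_is_prefix_of_path(abs_dd, abs_path);
}

int
main(void)
{
    /* constructed sample: data directory /srv/pgdata, backend cwd the same */
    const char *dd = "/srv/pgdata";
    printf("%d\n", path_inside_directory(dd, dd, "pg_tblspc/../ts1"));   /* 1 */
    printf("%d\n", path_inside_directory(dd, dd, "/srv/pgdata/../etc")); /* 0 */
    printf("%d\n", path_inside_directory(dd, dd, "/srv/pgdata2"));       /* 0 */
    return 0;
}
```

The last case is the one worth remembering: a prefix check on absolute strings must stop at a path separator, otherwise a sibling directory whose name merely starts with the data directory's name passes the test.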