I don't understand why the routine is called "create_or_open_dir". In
what sense does this open the directory? I think "check_or_create_dir"
would be closer to what this seems to be doing.
Is there no TOCTTOU bug in pg_dumpall because of the way this code is
written? A malicious user that can create an empty directory that
pg_dumpall is going to use as output destination could remove it after
the opendir(), then replace it with another directory with a symlink
called "global.dat" that causes some other file to be overwritten with
the privileges of the user running pg_dumpall. Maybe there's no problem
here, but I don't see what the explanation for that is.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
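
The pattern that closes the window described in the message above, as an added example that is not part of the original e-mail or of PostgreSQL's code: pin the directory with a descriptor, check who owns it, and create files relative to that descriptor with `openat()` and `O_EXCL`. The helper names, the `/tmp` scratch paths and the ownership policy are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the directory if missing and pin it with a
 * descriptor, so swapping the path later cannot redirect writes. */
int open_output_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
    int dfd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;
    /* Reject a directory that another user owns or can write to. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() || (st.st_mode & 022)) {
        close(dfd);
        return -1;
    }
    return dfd;
}

/* O_EXCL fails on any existing name, symlinks included: no link is followed. */
int create_in_dir(int dfd, const char *name)
{
    return openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed scenario: a "global.dat" symlink appears after the directory was
 * opened. Returns 1 if creation is refused and the target keeps its 4 bytes. */
int demo_symlink_refused(void)
{
    char base[] = "/tmp/dumpdemoXXXXXX", victim[64], out[64];
    struct stat st;
    if (!mkdtemp(base)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(out, sizeof out, "%s/out", base);
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || write(vfd, "keep", 4) != 4 || close(vfd) != 0) return -1;
    int dfd = open_output_dir(out);
    if (dfd < 0 || symlinkat(victim, dfd, "global.dat") != 0) return -1;
    int fd = create_in_dir(dfd, "global.dat");
    int ok = fd < 0 && stat(victim, &st) == 0 && st.st_size == 4;
    if (fd >= 0) close(fd);
    unlinkat(dfd, "global.dat", 0); close(dfd); unlink(victim); rmdir(out); rmdir(base);
    return ok;
}
int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

`O_NOFOLLOW` on the directory only guards the final path component, so the parent directories still have to be ones other users cannot modify.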