| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | "Thomer M(dot) Gil" <postgresql(at)thomer(dot)com>, pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: syntax error causes crafted data to be executed in shell |
| Date: | 2004-12-18 04:21:38 |
| Message-ID: | 27481.1103343698@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Tom, would you show an example of the change in behavior? I didn't
> understand the details.
In CVS tip:
regression=# \N `touch wrong1` \i `touch wrong2`
Invalid command \N. Try \? for help.
: No such file or directory
regression=#
Both wrong1 and wrong2 are created. Thomer originally asserted that
wrong1 shouldn't have been created, ie, we shouldn't have tried to
evaluate the backticked "argument" to \N. I further suggest that it's
not a good idea to even try to process the \i command. I'd prefer to
see something like
regression=# \N `touch wrong1` \i `touch wrong2`
Invalid command \N. Try \? for help.
Ignoring junk "`touch wrong1` \i `touch wrong2`"
regression=#
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-12-18 04:26:38 | Re: syntax error causes crafted data to be executed in shell |
| Previous Message | Ken Johanson | 2004-12-18 04:14:26 | Re: BUG #1350: Backslash ecape charcter violates ISO/ANSI |