| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Juan José Santamaría Flecha <juanjo(dot)santamaria(at)gmail(dot)com> |
| Cc: | cilizili(at)protonmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory. |
| Date: | 2019-10-26 17:44:00 |
| Message-ID: | 857.1572111840@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
=?UTF-8?Q?Juan_Jos=C3=A9_Santamar=C3=ADa_Flecha?= <juanjo(dot)santamaria(at)gmail(dot)com> writes:
> On Sat, Oct 26, 2019 at 5:20 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Right, but does cmd.exe have a well-defined location in Windows?
>> I don't think we can know which drive it's on, for starters.
> The environment variable COMSPEC [1] should point to the right location.
Hm. I don't have any objection to using COMSPEC if it's set, but
of course that changes nothing from a security perspective. It's
just a different route by which pg_ctl, pg_upgrade, etc can be
misled.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2019-10-26 21:56:46 | Re: BUG #16082: TOAST's pglz_decompress access to uninitialized data, if the database is corrupted. |
| Previous Message | Juan José Santamaría Flecha | 2019-10-26 17:33:02 | Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory. |