| From: | Asif Naeem <anaeem(dot)it(at)gmail(dot)com> |
|---|---|
| To: | Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> |
| Cc: | Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, Asif Naeem <asif(dot)naeem(at)enterprisedb(dot)com>, Dave Page <dpage(at)pgadmin(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Akio Iwaasa <iwaasa(at)mxs(dot)nes(dot)nec(dot)co(dot)jp> |
| Subject: | Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application" |
| Date: | 2013-10-31 05:44:16 |
| Message-ID: | CAEB4t-O-Y3x2NdX5kXscQf-qxTtSGwgW6_Py4UY5xtc0BYh1FQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>wrote:
> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai
> <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> > Hi Sandeep
> >
> >> I think, you should change the subject line to "Unquoted service path
> containing space is vulnerable and can be exploited on Windows" to get the
> attention.. :)
> > Thank you for advice!
> > I'll try to post to pgsql-bugs again.
>
> I could also reproduce this issue. The situation is very rare such
> that an "exe" with name same as first part of directory should exist
> in installation path.
>
I believe it is a security risk with bigger impact as it is related to
Windows environment and as installers rely on it.
> I suggest you can post your patch in next commit fest.
Yes. Are not vulnerabilities/security risk's taken care of more urgent
bases ?
> With Regards,
> Amit Kapila.
> EnterpriseDB: http://www.enterprisedb.com
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sandeep Thakkar | 2013-10-31 06:36:53 | Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application" |
| Previous Message | Jeevan Chalke | 2013-10-31 05:20:58 | Re: surprising to_timestamp behavior |