From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Thomas Lockhart <lockhart(at)alumni(dot)caltech(dot)edu>, Postgres Hackers List <hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] Re: [PATCHES] createdb/dropdb fixes |
Date: | 1999-12-17 00:31:23 |
Message-ID: | Pine.LNX.4.21.9912161948210.5199-100000@localhost.localdomain |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 1999-12-14, Tom Lane mentioned:
> Yes. In fact, I'd argue for filtering the names more heavily than that;
> just to take a for-example, Bad Things would ensue if we accepted a
> database name of "..".
My rm refuses to remove '..' and '.'.
> It is easy to devise cases in which accepting leading "." or embedded "/"
> leads to disaster; if you think those are OK, allow me to destroy your
> installation for you ;-). I haven't yet thought of a way to cause
> trouble with a back-quote in a DB name (given that single quotes are
> disallowed) ... but I bet some enterprising hacker can find one.
The slash problem will disappear (I hope) when I fix that alternate
location issue.
> Beyond the bare minimum security issues, I also think we should take
> pity on the poor dbadmin who may have to be looking at these
> subdirectories or filenames. Is it really a good idea to allow carriage
> returns or other control characters in file/directory names? Is it
> even a good idea to allow spaces? I don't think so. If we were not
Spaces why not? I use spaces all the time in filenames. But perhaps we
should make a definite list of things we won't allow, such as dots (.),
slashes (/), tildes (~), etc., and everything below ASCII 32. But limiting
it to a finite list of characters would really be a blow to people using
other character sets.
> > Of course this particular case might as well use unlink(),
>
> Not unless your system's unlink is much different from mine's...
Is it just me or is your system intentionally designed to be different
from anybody elses? :) Last time I checked rm does call unlink. Relying on
sh-utils sort of commands has its own set of problems. For example in the
6.5 source, run the postmaster on a terminal, revoke all permissions on a
database directory (chmod a-rwx testdb) and try to drop it. My rm will
prompt on the postmaster terminal for verification while the whole thing
hangs ...
--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 1999-12-17 00:31:39 | Re: [HACKERS] SELECT ... AS ... names in WHERE/GROUP BY/HAVING |
Previous Message | Lamar Owen | 1999-12-17 00:20:47 | Re: [HACKERS] ordering RH6.1 |