Peter Eisentraut <peter_e@gmx.net> writes:
> [ CREATE DATABASE WITH LOCATION shouldn't depend on environment vars ]
I agree, this oughta be flushed. Is the expansion routine used in any
other contexts where depending on an environment var *would* make sense?
> What really gets me, though, is how this sort of scheme is supposed to
> create security in the first place.
I doubt security was foremost in the mind of whoever did that. Still,
the environment vars in question are those created by the dbadmin before
starting the postmaster; it's not like unprivileged users can affect
them. So I'd say it's just a chance to shoot yourself in the foot,
not a question of exposing yourself to enemy fire...
regards, tom lane