Re: syntax error causes crafted data to be executed in shell
| От | Tom Lane |
|---|---|
| Тема | Re: syntax error causes crafted data to be executed in shell |
| Дата | |
| Msg-id | 27481.1103343698@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: syntax error causes crafted data to be executed in shell (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Ответы |
Re: syntax error causes crafted data to be executed in shell
|
| Список | pgsql-bugs |
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Tom, would you show an example of the change in behavior? I didn't
> understand the details.
In CVS tip:
regression=# \N `touch wrong1` \i `touch wrong2`
Invalid command \N. Try \? for help.
: No such file or directory
regression=#
Both wrong1 and wrong2 are created. Thomer originally asserted that
wrong1 shouldn't have been created, ie, we shouldn't have tried to
evaluate the backticked "argument" to \N. I further suggest that it's
not a good idea to even try to process the \i command. I'd prefer to
see something like
regression=# \N `touch wrong1` \i `touch wrong2`
Invalid command \N. Try \? for help.
Ignoring junk "`touch wrong1` \i `touch wrong2`"
regression=#
regards, tom lane
В списке pgsql-bugs по дате отправления: