Re: [pgAdmin][RM-2341]: Add menu option for starting PSQL

From Dave Page
Subject Re: [pgAdmin][RM-2341]: Add menu option for starting PSQL
Msg-id CA+OCxozKpu-95CxFqPwWZUeiy8p=31X_0CSNqO49Xj7P-=_XVw@mail.gmail.com
In reply to Re: [pgAdmin][RM-2341]: Add menu option for starting PSQL  (Akshay Joshi <akshay.joshi@enterprisedb.com>)
List pgadmin-hackers


On Mon, Jun 14, 2021 at 3:35 PM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:
Hi Dave

On Mon, Jun 14, 2021 at 7:57 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

On Mon, Jun 14, 2021 at 3:18 PM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Akshay,

I have added the following commands for invalid command check:
  1. \lo_import
  2. \lo_export
  3. \w or write
  4. \o or \output
  5. \g 
\qecho? \ev?

I'm very concerned we're missing more here, and will continue to miss new commands that are added to psql in the future.

I think we need to disable the feature entirely in server mode by default, and probably remove the code that attempts to filter out commands.

   If I understand correctly we need to change in config.py and make ENABLE_PSQL = False in server mode.

Right - but we'd also have the redundant command filtering code (and config option), which we should remove.
 

Then it just becomes a case of "this can be dangerous in server mode, as your user will be able to run arbitrary commands on the server. Enable at your own risk".

    The above note will go into the config.py as a comment or in the documentation. 

I'm thinking the patch to config.py would be something like the following. There would be other minor changes required of course, but this part of the patch should indicate what would be required:

Index: web/config.py
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/web/config.py b/web/config.py
--- a/web/config.py (revision 4a3a5174b2b0793cea0a2575c10814a784f5f0a1)
+++ b/web/config.py (date 1623241653320)
@@ -645,18 +645,12 @@
 ##########################################################################
 # PSQL tool settings
 ##########################################################################
-# This will enable PSQL tool in pgAdmin. So user can execute the commands
-# using PSQL terminal in pgAdmin.
-ENABLE_PSQL = True
+# This will enable PSQL tool in pgAdmin when running in server mode.
+# PSQL is always enabled in Desktop mode, however in server mode it is
+# disabled by default because users can run arbitrary commands on the
+# server through it.
+ENABLE_PSQL = False
 
-# ALLOW_PSQL_SHELL_COMMAND = True will disable the execution of os level
-# commands using meta command \! from PSQL terminal.
-# As PSQL allow user to execute the os level commands from the PSQL terminal
-# user can execute any system level command as per the system login user
-# privileges. Default this setting is set to False but if it set to True
-# User will able to execute the system level commands through PSQL terminal
-# in pgAdmin.
-ALLOW_PSQL_SHELL_COMMANDS = False
 ##########################################################################
 # ENABLE_BINARY_PATH_BROWSING setting is used to enable the browse button
 # while selecting binary path for the database server in server mode.
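
Review bot: the new comment on `ENABLE_PSQL` promises that PSQL is always enabled in Desktop mode, but the hunk only sets an unconditional `ENABLE_PSQL = False`, so every reader of this setting has to check the run mode first or the new default will also switch the tool off on the desktop. Saying in the comment that the setting is ignored in Desktop mode would make that contract explicit. Removing `ALLOW_PSQL_SHELL_COMMANDS` also leaves nothing in this file to tell an administrator who had set it that the option no longer exists; the `ENABLE_PSQL` comment should state that enabling it in server mode allows OS-level commands through `\!`, as the deleted comment did.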


 
 
I am referring to the https://www.postgresql.org/docs/12/app-psql.html link for finding the commands.
PFA patch V10.


On Mon, Jun 14, 2021 at 6:48 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

On Mon, Jun 14, 2021 at 2:13 PM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Akshay,

Please find the updated patch for psql. I updated the invalid command logic and added 3 more commands to it.
1. \copy or \COPY
2. \e or \E
3. \ef or \EF

Should they just be case insensitive?
\ commands are case sensitive.

So what are \E and \EF? I can't see them in the pg13 docs.
 
 

Now the user can't execute these commands if allow shell commands is set to False.

What about \lo_import and \lo_export? I think those are potentially dangerous too. Also, \echo.
added this as well. 
 

If required any changes please let me know.

Regards,
Nikhil Mohite

On Mon, Jun 14, 2021 at 11:48 AM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:
Thanks, the patch applied.

On Mon, Jun 14, 2021 at 10:55 AM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Team,

PFA patch v8

On Mon, Jun 14, 2021 at 10:25 AM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Team,

Please find the updated patch for the PSQL tool. Added a check: if the Windows version does not support ConPty or WinPty, PSQL is disabled for that version. (The PSQL option will not be visible to the user.)

I have raised the issue with "pywinpty" https://github.com/spyder-ide/pywinpty/issues/161

Regards,
Nikhil Mohite

On Fri, Jun 11, 2021 at 6:25 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

On Fri, Jun 11, 2021 at 1:45 PM Fahar Abbas <fahar.abbas@enterprisedb.com> wrote:
Hi Dave,

On Fri, Jun 11, 2021 at 1:39 PM Dave Page <dpage@pgadmin.org> wrote:


On Fri, Jun 11, 2021 at 9:35 AM Fahar Abbas <fahar.abbas@enterprisedb.com> wrote:
Sure Dave, I will create a new VM with the latest iso.

Not the latest. 1809 please. And if that doesn't work, 1909. We need to understand exactly what versions work and which don't.

pgadmin4 is working fine on Windows 10 x64(1809).

Great, thanks!
 

Do I also need to test pgadmin4 on 1909  iso?

I don't think so. I'm 99% certain that what we're seeing is that it works on the versions of Windows that support conpty, but not the older ones where the pywinpty library is *supposed* to fall back to using winpty.

Hopefully Nikhil can get to the bottom of the problem with the pywinpty folks.

 
 
Nikhil is not able to reproduce the issue on Windows 10 with the latest version. So the issue is reproducible with older versions.

Kind Regards,
On Fri, Jun 11, 2021 at 1:28 PM Dave Page <dpage@pgadmin.org> wrote:


On Fri, Jun 11, 2021 at 9:25 AM Fahar Abbas <fahar.abbas@enterprisedb.com> wrote:
Windows 10 Enterprise 2016 LTSB.

Hmm, I assume that is version 1607. Can you test with 1809 please? And if that doesn't work, try 1909.
 

On Fri, Jun 11, 2021 at 1:12 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

On Fri, Jun 11, 2021 at 7:44 AM Fahar Abbas <fahar.abbas@enterprisedb.com> wrote:
Hi,

pgadmin4 is failing on following operating systems :
Windows 2016
Windows 2012
Windows 07
Windows 2008R2
Windows 10 64

What version of Windows 10? I *think* conpty was introduced in 1809.
 

pgadmin4 is working fine in following operating system:
Windows 2019

On Thu, Jun 10, 2021 at 7:51 PM Dave Page <dpage@pgadmin.org> wrote:


On Thu, Jun 10, 2021 at 2:22 PM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Dave,

On Thu, Jun 10, 2021 at 6:37 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

On Thu, Jun 10, 2021 at 2:00 PM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Dave,

On Thu, Jun 10, 2021 at 5:22 PM Dave Page <dpage@pgadmin.org> wrote:
Hi

On Thu, Jun 10, 2021 at 11:08 AM Nikhil Mohite <nikhil.mohite@enterprisedb.com> wrote:
Hi Dave/ Team,

We are facing an issue with winpty.dll on Windows Server 2016 and Windows 7 (these are the platforms on which we have tested).
Files required for winpty are present in the site-packages but still, it is unable to load the winpty.dll file on these specific platforms. We have tested it on Windows 10 pro and Windows server 2019 and it is working fine. (Also tried building the local pywinpty but unable to build it.)  ref link for winPty https://github.com/rprichard/winpty#:~:text=winpty%20is%20a%20Windows%20software,in%20a%20Cygwin%2FMSYS%20pty.

Does winpty.exe run, if executed from the command line instead of pgAdmin? If not, does dependency walker show any missing libraries that are required?
I did not find winpty.exe in site-packages, but as per the winpty documentation "winpty-agent.exe" will start the process with a new, hidden console window. It does not show any error while installing the package. I tried to use it outside pgAdmin but still face the same error: "Exception in import winpty DLL load failed while importing winpty: The specified procedure could not be found." (I created a separate Python environment for this.)

1. If I try to run winpty-agent.exe from the command line, it shows the user-entered input on the same terminal and does not show any errors.

2. I found winpty.exe in another installed app (Git command line: C:\Program Files (x86)\Git\usr\bin). If I try to run it through the command line I do not get any error; it shows the user-entered input on the same terminal. (It is not related to pgAdmin; I just tried to check whether winpty.exe throws any error or not.)

Hmmm, that sounds oddly similar to an issue I had with Kerberos on Windows when I was mucking around with that. I can't remember the exact details, but as a test, does the problem go away if winpty.dll is copied into the Windows system32 directory?
Tried it but still facing the same issue.

OK, I had a fiddle around, and see the same thing. I can't do a simple import of winpty. On 2019 it's fine. I tried various tricks that I've used in the past to make sure libraries are found etc.

Could this be because it's trying to use the conpty interface in Windows 10 and above?

If we can't get this to work tomorrow, I think it's fine to simply hide the menu options and button if the server detects it's running on an unsupported version of Windows. Of course, this should be documented. We also need to make sure we know *exactly* what versions it does and does not work on.

--


--
Fahar Abbas
EnterpriseDB Corporation
Phone Office: +92-51-835-8874
Phone Direct: +92-51-8466803
Mobile: +92-333-5409707
Skype ID: live:fahar.abbas
Website: www.enterprisedb.com



--


--
Thanks & Regards
Akshay Joshi
pgAdmin Hacker | Principal Software Architect
EDB Postgres
Mobile: +91 976-788-8246



--
Regards,
Nikhil Mohite 
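
Added example, not part of the thread and not pgAdmin's own code: one way to combine the two decisions discussed above, the server-mode default for `ENABLE_PSQL` and hiding the tool on Windows versions without a working pty backend. The function names, the `server_mode` parameter and the build threshold 17763 (Windows 10 1809 / Server 2019) are assumptions of this sketch; the sample version strings are constructed.

```python
import platform

# Assumption: ConPTY first shipped in build 17763 (Windows 10 1809 / Server 2019).
CONPTY_MIN = (10, 17763)


def windows_build(version_string):
    """Parse 'major.minor.build', the form platform.version() reports on Windows."""
    parts = version_string.split(".")
    try:
        return int(parts[0]), int(parts[2])
    except (IndexError, ValueError):
        return None


def pty_backend_supported(system, version_string):
    """True when a working pseudo-terminal backend can be expected."""
    if system != "Windows":
        return True
    build = windows_build(version_string)
    # Fail closed: an unparseable version hides the tool rather than showing it.
    return build is not None and build >= CONPTY_MIN


def psql_tool_enabled(server_mode, enable_psql, system, version_string):
    """Decide whether the PSQL menu option and button should be offered."""
    if not pty_backend_supported(system, version_string):
        return False
    if not server_mode:
        return True  # desktop mode: always on, ENABLE_PSQL is ignored
    return bool(enable_psql)  # server mode: off unless explicitly enabled


# Constructed sample hosts for the Windows releases named in the thread.
SAMPLE_HOSTS = {
    "Windows 7 / 2008 R2": "6.1.7601",
    "Windows 10 1607 / Server 2016": "10.0.14393",
    "Windows 10 1809 / Server 2019": "10.0.17763",
}

if __name__ == "__main__":
    for name, version in SAMPLE_HOSTS.items():
        print(name, psql_tool_enabled(False, False, "Windows", version))
    print("this host, server mode, default config:",
          psql_tool_enabled(True, False, platform.system(), platform.version()))
```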

