Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory.

Поиск
Список
Период
Сортировка
От Juan José Santamaría Flecha
Тема Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory.
Дата
Msg-id CAC+AXB1UKiioDZE5WwofFUL7smA2cqf71U2K5mfRNrjTrggiww@mail.gmail.com
обсуждение исходный текст
Ответ на Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-bugs
Дерево обсуждения


On Sat, Oct 26, 2019 at 7:44 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Juan José Santamaría Flecha <juanjo.santamaria@gmail.com> writes:
> On Sat, Oct 26, 2019 at 5:20 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Right, but does cmd.exe have a well-defined location in Windows?
>> I don't think we can know which drive it's on, for starters.

> The environment variable COMSPEC [1] should point to the right location.

Hm.  I don't have any objection to using COMSPEC if it's set, but
of course that changes nothing from a security perspective.  It's
just a different route by which pg_ctl, pg_upgrade, etc can be
misled.


The only impact this will have is finding the CMD executable directly, without having to rely on CreateProcessAsUser() logic.

Please find attached a patch with this simple modification.

Regards,

Juan José Santamaría Flecha

Вложения

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tomas Vondra
Дата:
Сообщение: Re: BUG #16082: TOAST's pglz_decompress access to uninitializeddata, if the database is corrupted.
Следующее
От: Tom Lane
Дата:
Сообщение: Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.