Re: [HACKERS] Re: [PATCHES] createdb/dropdb fixes
От | Peter Eisentraut |
---|---|
Тема | Re: [HACKERS] Re: [PATCHES] createdb/dropdb fixes |
Дата | |
Msg-id | Pine.LNX.4.21.9912161948210.5199-100000@localhost.localdomain обсуждение исходный текст |
Ответ на | Re: [HACKERS] Re: [PATCHES] createdb/dropdb fixes (Tom Lane <tgl@sss.pgh.pa.us>) |
Список | pgsql-hackers |
On 1999-12-14, Tom Lane mentioned: > Yes. In fact, I'd argue for filtering the names more heavily than that; > just to take a for-example, Bad Things would ensue if we accepted a > database name of "..". My rm refuses to remove '..' and '.'. > It is easy to devise cases in which accepting leading "." or embedded "/" > leads to disaster; if you think those are OK, allow me to destroy your > installation for you ;-). I haven't yet thought of a way to cause > trouble with a back-quote in a DB name (given that single quotes are > disallowed) ... but I bet some enterprising hacker can find one. The slash problem will disappear (I hope) when I fix that alternate location issue. > Beyond the bare minimum security issues, I also think we should take > pity on the poor dbadmin who may have to be looking at these > subdirectories or filenames. Is it really a good idea to allow carriage > returns or other control characters in file/directory names? Is it > even a good idea to allow spaces? I don't think so. If we were not Spaces why not? I use spaces all the time in filenames. But perhaps we should make a definite list of things we won't allow, such as dots (.), slashes (/), tildes (~), etc., and everything below ASCII 32. But limiting it to a finite list of characters would really be a blow to people using other character sets. > > Of course this particular case might as well use unlink(), > > Not unless your system's unlink is much different from mine's... Is it just me or is your system intentionally designed to be different from anybody elses? :) Last time I checked rm does call unlink. Relying on sh-utils sort of commands has its own set of problems. For example in the 6.5 source, run the postmaster on a terminal, revoke all permissions on a database directory (chmod a-rwx testdb) and try to drop it. My rm will prompt on the postmaster terminal for verification while the whole thing hangs ... -- Peter Eisentraut Sernanders väg 10:115 peter_e@gmx.net 75262 Uppsala http://yi.org/peter-e/ Sweden
В списке pgsql-hackers по дате отправления: