Jan Wieck <jan@wi3ck.info> writes:
> The problem here is that pg_upgrade itself is invoking a shell again. It
> is not assembling an array of arguments to pass into exec*(). I'd be a
> happy camper if it did the latter. But as things are we'd have to add
> full shell escapeing for arbitrary strings.
Surely we need that (and have it already) anyway?
I think we've stayed away from exec* because we'd have to write an
emulation for Windows. Maybe somebody will get fed up and produce
such code, but it's not likely to be the least-effort route to the
goal.
regards, tom lane