Home > mailing lists

Re: syntax error causes crafted data to be executed in shell - Mailing list pgsql-bugs

From	Bruce Momjian
Subject	Re: syntax error causes crafted data to be executed in shell
Date	December 18, 2004 07:06:20
Msg-id	200412180405.iBI45AS07673@candle.pha.pa.us Whole thread Raw
In response to	Re: syntax error causes crafted data to be executed in shell (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: syntax error causes crafted data to be executed in shell (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Tom Lane wrote:
> I wrote:
> > Still, it looks like it would be relatively easy to suppress evaluation
> > of backticked arguments once we recognize that the backslash command has
> > failed, and I would say that that's a reasonable change to make on the
> > principle of least surprise.
>
> On looking at this further, I wonder if it wouldn't be a good idea for
> a failed backslash command to cause the rest of the input line to be
> discarded.  In the existing coding, if we find another backslash we'll
> try to execute another backslash command, but that seems rather
> considerably likely to be the Wrong Thing instead of the Right Thing.

Tom, would you show an example of the change in behavior? I didn't
understand the details.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-bugs by date:

From: Bruce Momjian
Date: 18 December 2004, 06:53:11
Subject: Re: BUG #1350: Backslash ecape charcter violates ISO/ANSI

From: Tom Lane
Date: 18 December 2004, 07:26:13
Subject: Re: syntax error causes crafted data to be executed in shell

Re: syntax error causes crafted data to be executed in shell - Mailing list pgsql-bugs

Previous

Next