Home > mailing lists

Re: syntax error causes crafted data to be executed in shell - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: syntax error causes crafted data to be executed in shell
Date	December 18, 2004 01:38:44
Msg-id	24835.1103323066@sss.pgh.pa.us Whole thread Raw
In response to	Re: syntax error causes crafted data to be executed in shell (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: syntax error causes crafted data to be executed in shell Re: syntax error causes crafted data to be executed in shell
List	pgsql-bugs

Tree view

I wrote:
> Still, it looks like it would be relatively easy to suppress evaluation
> of backticked arguments once we recognize that the backslash command has
> failed, and I would say that that's a reasonable change to make on the
> principle of least surprise.

On looking at this further, I wonder if it wouldn't be a good idea for
a failed backslash command to cause the rest of the input line to be
discarded.  In the existing coding, if we find another backslash we'll
try to execute another backslash command, but that seems rather
considerably likely to be the Wrong Thing instead of the Right Thing.

Thoughts?

            regards, tom lane

pgsql-bugs by date:

From: Christoph Haller
Date: 18 December 2004, 01:25:54
Subject: 8.0.0rc1 on hppa2.0w-hp-hpux11.00

From: Tom Lane
Date: 18 December 2004, 01:50:40
Subject: Re: Problem with Upper/Lower Function

Re: syntax error causes crafted data to be executed in shell - Mailing list pgsql-bugs

Previous

Next