Home > mailing lists

Re: syntax error causes crafted data to be executed in shell - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: syntax error causes crafted data to be executed in shell
Date	December 18, 2004 07:26:13
Msg-id	27481.1103343698@sss.pgh.pa.us Whole thread Raw
In response to	Re: syntax error causes crafted data to be executed in shell (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses	Re: syntax error causes crafted data to be executed in shell
List	pgsql-bugs

Tree view

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Tom, would you show an example of the change in behavior? I didn't
> understand the details.

In CVS tip:

regression=# \N `touch wrong1` \i `touch wrong2`
Invalid command \N. Try \? for help.
: No such file or directory
regression=#

Both wrong1 and wrong2 are created.  Thomer originally asserted that
wrong1 shouldn't have been created, ie, we shouldn't have tried to
evaluate the backticked "argument" to \N.  I further suggest that it's
not a good idea to even try to process the \i command.  I'd prefer to
see something like

regression=# \N `touch wrong1` \i `touch wrong2`
Invalid command \N. Try \? for help.
Ignoring junk "`touch wrong1` \i `touch wrong2`"
regression=#

            regards, tom lane

pgsql-bugs by date:

From: Bruce Momjian
Date: 18 December 2004, 07:06:20
Subject: Re: syntax error causes crafted data to be executed in shell

From: Bruce Momjian
Date: 18 December 2004, 07:27:19
Subject: Re: syntax error causes crafted data to be executed in shell

Re: syntax error causes crafted data to be executed in shell - Mailing list pgsql-bugs

Previous

Next