Claudio Freire <klaussfreire@gmail.com> writes:
> On Tue, Sep 6, 2016 at 2:08 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Dash is considered a character that needs quoting. It might be possible
>> to avoid that if we could be certain that appendShellString's output would
>> never be placed in a spot where it could be taken for a switch, but that
>> seems like a large assumption to me.
> Wouldn't it be taken for a switch even with quoting?
> Quoting "-D" seems to work fine, which would suggest the above is true.
[ thinks about that... ] Oh, you're right, brain fade on my part. The
shell doesn't care whether words are switches or not. So actually the
risk-factor for us is whether we have designed any command-line syntaxes
in a way that would allow a path starting with a dash to cause bad things
to happen. I have a feeling the answer is "yes", even without considering
the prospect that GNU getopt will arbitrarily rearrange the command words
on us depending on what it thinks is a switch. (Maybe leading-dash is
another one of the things we'd better make a policy against.)
But meanwhile, yes, the argument for treating it as quotable in
appendShellString seems completely bogus. I'll go change that.
regards, tom lane
