Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory. - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.
Date
Msg-id 857.1572111840@sss.pgh.pa.us
Whole thread Raw
In response to Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory.  (Juan José Santamaría Flecha <juanjo.santamaria@gmail.com>)
Responses Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory.
List pgsql-bugs
=?UTF-8?Q?Juan_Jos=C3=A9_Santamar=C3=ADa_Flecha?= <juanjo.santamaria@gmail.com> writes:
> On Sat, Oct 26, 2019 at 5:20 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Right, but does cmd.exe have a well-defined location in Windows?
>> I don't think we can know which drive it's on, for starters.

> The environment variable COMSPEC [1] should point to the right location.

Hm.  I don't have any objection to using COMSPEC if it's set, but
of course that changes nothing from a security perspective.  It's
just a different route by which pg_ctl, pg_upgrade, etc can be
misled.

            regards, tom lane



pgsql-bugs by date:

Previous
From: Juan José Santamaría Flecha
Date:
Subject: Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory.
Next
From: Tomas Vondra
Date:
Subject: Re: BUG #16082: TOAST's pglz_decompress access to uninitializeddata, if the database is corrupted.