Home > mailing lists

Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory. - Mailing list pgsql-bugs

From	Juan José Santamaría Flecha
Subject	Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory.
Date	October 27, 2019 13:07:31
Msg-id	CAC+AXB1UKiioDZE5WwofFUL7smA2cqf71U2K5mfRNrjTrggiww@mail.gmail.com Whole thread Raw
In response to	Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory. (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.
List	pgsql-bugs

Tree view

On Sat, Oct 26, 2019 at 7:44 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:

Juan José Santamaría Flecha <juanjo.santamaria@gmail.com> writes:
> On Sat, Oct 26, 2019 at 5:20 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Right, but does cmd.exe have a well-defined location in Windows?
>> I don't think we can know which drive it's on, for starters.

> The environment variable COMSPEC [1] should point to the right location.

Hm. I don't have any objection to using COMSPEC if it's set, but
of course that changes nothing from a security perspective. It's
just a different route by which pg_ctl, pg_upgrade, etc can be
misled.

The only impact this will have is finding the CMD executable directly, without having to rely on CreateProcessAsUser() logic.

Please find attached a patch with this simple modification.

Regards,

Juan José Santamaría Flecha

Attachment

0001_find_cmd_using_comspec.patch

pgsql-bugs by date:

From: Tomas Vondra
Date: 27 October 2019, 00:56:46
Subject: Re: BUG #16082: TOAST's pglz_decompress access to uninitializeddata, if the database is corrupted.

From: Tom Lane
Date: 27 October 2019, 18:42:46
Subject: Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.

Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in thecurrent directory. - Mailing list pgsql-bugs

Attachment

Previous

Next