Re: Possible hole in Windows directory restrictions?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jack Christensen <jack(at)jackchristensen(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Possible hole in Windows directory restrictions?
Date: 2017-12-29 17:19:16
Message-ID: 24502.1514567956@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Jack Christensen <jack(at)jackchristensen(dot)com> writes:
> On 12/29/2017 9:56 AM, Tom Lane wrote:
>> In https://postgr.es/m/1514541656508-0.post@n3.nabble.com
>> it's reported that "SELECT pg_ls_dir('c:')" works to allow
>> display of the root directory on drive C. If true, this
>> would be a violation of the principle that the core file
>> access functions only let you get at PG-related directories.
>> However, I looked at the code, and it sure looks like
>> path_is_relative_and_below_cwd() contains code to reject use
>> of Windows drive letters. Am I missing something? Anyone
>> want to check if they can reproduce this on a Windows build?

> Could not reproduce with a fresh install.

Thanks for checking. Digging in the git history, I see that
path_is_relative_and_below_cwd() was introduced in 9.1
(commit 0de0cc150). pg_ls_dir and friends were in core for
some time before that, so perhaps the answer is that the
OP was using some old PG version. (Pre-9.1 also defaulted
to standard_conforming_strings = off, which might explain
some other odd things about his report.)

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Stehule 2017-12-29 17:26:25 Re: Converting plpgsql to use DTYPE_REC for named composite types
Previous Message Alvaro Herrera 2017-12-29 17:01:56 Re: [PROPOSAL] bracketed-paste support for psql