Re: syntax error causes crafted data to be executed in shell

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Thomer M(dot) Gil" <postgresql(at)thomer(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject: Re: syntax error causes crafted data to be executed in shell
Date: 2004-12-17 22:37:46
Message-ID: 24835.1103323066@sss.pgh.pa.us
Lists: pgsql-bugs

I wrote:
> Still, it looks like it would be relatively easy to suppress evaluation
> of backticked arguments once we recognize that the backslash command has
> failed, and I would say that that's a reasonable change to make on the
> principle of least surprise.

On looking at this further, I wonder if it wouldn't be a good idea for
a failed backslash command to cause the rest of the input line to be
discarded. In the existing coding, if we find another backslash we'll
try to execute another backslash command, but that seems rather
considerably likely to be the Wrong Thing instead of the Right Thing.

Thoughts?

regards, tom lane
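
The three behaviours discussed in this message, as an added example that is not part of the original email and not psql's code: a toy Python model that collects which backticked arguments would reach the shell under the existing handling, under suppression for the failed command only, and under discarding the rest of the line. The command table, the regexes, the policy names and the sample line are assumptions made for illustration, and nothing is executed.

```python
import re

# Toy model only: commands this sketch treats as valid (not psql's real table).
KNOWN = {"echo", "set"}
# One backslash command: its name, then argument text up to the next backslash.
COMMAND = re.compile(r"\\(\S*)([^\\]*)")
BACKTICK = re.compile(r"`([^`]*)`")


def shell_evaluations(line, policy):
    """Return the backticked strings a line would hand to the shell.

    policy is one of (names are hypothetical, chosen for this sketch):
      "existing" - every backticked argument is evaluated, failed command or not
      "suppress" - a failed command's own backticked arguments are skipped
      "discard"  - the first failed command drops the rest of the input line
    Nothing is executed; the strings are only collected.
    """
    if policy not in ("existing", "suppress", "discard"):
        raise ValueError(policy)
    evaluated = []
    for name, args in COMMAND.findall(line):
        failed = name not in KNOWN
        if failed and policy == "discard":
            break  # stop parsing: later commands on the line never run
        if failed and policy == "suppress":
            continue  # skip this command's backticks, keep parsing the line
        evaluated.extend(BACKTICK.findall(args))
    return evaluated


# Constructed input: an unrecognised command followed by a valid one.
SAMPLE = r"\bogus `first` \echo `second`"

if __name__ == "__main__":
    for policy in ("existing", "suppress", "discard"):
        print(policy, shell_evaluations(SAMPLE, policy))
```

With suppression alone, the valid command later on the same line still has its backticked argument evaluated; only discarding the remainder of the line leaves nothing for the shell.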
