Re: syntax error causes crafted data to be executed in shell

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Thomer M(dot) Gil" <postgresql(at)thomer(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject: Re: syntax error causes crafted data to be executed in shell
Date: 2004-12-17 22:37:46
Lists: pgsql-bugs
I wrote:
> Still, it looks like it would be relatively easy to suppress evaluation
> of backticked arguments once we recognize that the backslash command has
> failed, and I would say that that's a reasonable change to make on the
> principle of least surprise.

On looking at this further, I wonder if it wouldn't be a good idea for
a failed backslash command to cause the rest of the input line to be
discarded.  In the existing coding, if we find another backslash we'll
try to execute another backslash command, but that seems rather
considerably likely to be the Wrong Thing instead of the Right Thing.


			regards, tom lane
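
The behaviours discussed in this message, modelled as an added example that is not part of the original e-mail and is not psql source code. The command table, tokenizer, policy names and sample line are assumptions made for illustration, and backticked arguments are only recorded, never passed to a shell.

```python
import re

KNOWN = {"echo", "set"}               # assumed command table for this model
TOKEN = re.compile(r"`[^`]*`|\S+")    # a backticked argument stays one token


def split_commands(line):
    """Return [(name, args)] for each backslash command on the line."""
    cmds = []
    # Text before the first backslash is treated as SQL and ignored here.
    for chunk in line.split("\\")[1:]:
        tokens = TOKEN.findall(chunk)
        if tokens:
            cmds.append((tokens[0], tokens[1:]))
    return cmds


def process_line(line, policy):
    """Model one input line under a failure-handling policy.

    policy is one of:
      'existing' - backticks are evaluated even for a failed command, and
                   later backslash commands on the line still run
      'suppress' - backticks of a failed command are not evaluated, but
                   later backslash commands on the line still run
      'discard'  - a failed command drops the rest of the input line
    Returns (commands_run, backticks_that_would_reach_the_shell).
    """
    ran, evaluated = [], []
    for name, args in split_commands(line):
        ok = name in KNOWN
        if ok or policy == "existing":
            # This is the point where a shell would be invoked.
            evaluated += [a[1:-1] for a in args
                          if len(a) > 1 and a[0] == a[-1] == "`"]
        if ok:
            ran.append(name)
        elif policy == "discard":
            break
    return ran, evaluated


# Constructed sample: an unknown command followed by a valid one.
SAMPLE = r"\nosuch `date` \echo `hostname`"

if __name__ == "__main__":
    for policy in ("existing", "suppress", "discard"):
        print(policy, process_line(SAMPLE, policy))
```

Under `suppress` the second command on the line still runs and its backticked argument still reaches the shell, which is the case the message above proposes to close by discarding the rest of the line.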
