From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Re: [COMMITTERS] pgsql: Make initdb's suggested "pg_ctl start" command line more reliabl |
Date: | 2016-09-08 16:07:35 |
Message-ID: | c7a3faee-aede-1d7a-808d-491244a8ba7f@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
On 9/6/16 1:08 PM, Tom Lane wrote:
>> As just mentioned elsewhere, this accidentally introduces a failure if
>> > the PostgreSQL installation path contains LF/CR, because of the use of
>> > appendShellString().
> I think that's intentional, not accidental. What actual use case is
> there for allowing such paths?
There probably isn't one. But we ought to be introducing this change in
a more intentional and consistent way.
For example, pg_basebackup has no such restriction. So using
pg_basebackup, then promote, then pg_upgrade will (probably) fail now
for some paths.
More generally, I'm concerned that appendShellString() looks pretty
attractive for future use. It's not inconceivable that someone will
want to use it for say calling pg_dump from pg_dumpall or pg_upgrade at
some point, and then maybe we'll accidentally disallow LF/CR in
tablespace names, say.
Also, if we're concerned about the potential for confusion that these
characters can cause, maybe we should be disallowing more control
characters in similar places.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2016-09-08 16:48:33 | Re: Re: [COMMITTERS] pgsql: Make initdb's suggested "pg_ctl start" command line more reliabl |
Previous Message | Tom Lane | 2016-09-08 14:48:13 | pgsql: Don't print database's tablespace in pg_dump -C --no-tablespaces |
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2016-09-08 16:12:49 | Re: Forbid use of LF and CR characters in database and role names |
Previous Message | Peter Eisentraut | 2016-09-08 15:55:14 | Re: [PATCH v2] Add overflow checks to money type input function |