Hi

On Mon, Jun 14, 2021 at 3:18 PM Nikhil Mohite <
nikhil.moh...@enterprisedb.com> wrote:

> Hi Akshay,
>
> I have added the following commands for invalid command check:
>
>    1. \lo_import
>    2. \lo_export
>    3. \w or write
>    4. \o or \output
>    5. \g
>
> \qecho? \ev?

I'm very concerned we're missing more here, and will continue to miss new
commands that are added to psql in the future.

I think we need to disable the feature entirely in server mode by default,
and probably remove the code that attempts to filter out commands.

Then it just becomes a case of "this can be dangerous in server mode, as
your user will be able to run arbitrary commands on the server. Enable at
your own risk".


> I am referring to the https://www.postgresql.org/docs/12/app-psql.html
> link for finding the commands.
> PFA patch V10.
>
>
> On Mon, Jun 14, 2021 at 6:48 PM Dave Page <dp...@pgadmin.org> wrote:
>
>> Hi
>>
>> On Mon, Jun 14, 2021 at 2:13 PM Nikhil Mohite <
>> nikhil.moh...@enterprisedb.com> wrote:
>>
>>> Hi Akshay,
>>>
>>> Please find the updated patch for psql. Updated the invalid command logic
>>> and added 3 more commands to it:
>>> 1. \copy or \COPY
>>> 2. \e or \E
>>> 3. \ef or \EF
>>>
>>
>> Should they just be case insensitive?
>>
> \ commands are case sensitive.
>

So what are \E and \EF? I can't see them in the pg13 docs.


>
>>
>>>
>>> Now the user can't execute these commands if allow shell commands is set to
>>> False.
>>>
>>
>> What about \lo_import and \lo_export? I think those are potentially
>> dangerous too. Also, \echo.
>>
> added this as well.
>
>>
>>
>>>
>>> If any changes are required, please let me know.
>>>
>>> Regards,
>>> Nikhil Mohite
>>>
>>> On Mon, Jun 14, 2021 at 11:48 AM Akshay Joshi <
>>> akshay.jo...@enterprisedb.com> wrote:
>>>
>>>> Thanks, the patch applied.
>>>>
>>>> On Mon, Jun 14, 2021 at 10:55 AM Nikhil Mohite <
>>>> nikhil.moh...@enterprisedb.com> wrote:
>>>>
>>>>> Hi Team,
>>>>>
>>>>> PFA patch v8
>>>>>
>>>>> On Mon, Jun 14, 2021 at 10:25 AM Nikhil Mohite <
>>>>> nikhil.moh...@enterprisedb.com> wrote:
>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> Please find the updated patch for the PSQL tool. Added a check: if the
>>>>>> Windows version does not support ConPty or WinPty, PSQL is disabled for
>>>>>> that version. (The PSQL option will not be visible to the user.)
>>>>>>
>>>>>> I have raised the issue with "pywinpty"
>>>>>> https://github.com/spyder-ide/pywinpty/issues/161
>>>>>>
>>>>>> Regards,
>>>>>> Nikhil Mohite
>>>>>>
>>>>>> On Fri, Jun 11, 2021 at 6:25 PM Dave Page <dp...@pgadmin.org> wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> On Fri, Jun 11, 2021 at 1:45 PM Fahar Abbas <
>>>>>>> fahar.ab...@enterprisedb.com> wrote:
>>>>>>>
>>>>>>>> Hi Dave,
>>>>>>>>
>>>>>>>> On Fri, Jun 11, 2021 at 1:39 PM Dave Page <dp...@pgadmin.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jun 11, 2021 at 9:35 AM Fahar Abbas <
>>>>>>>>> fahar.ab...@enterprisedb.com> wrote:
>>>>>>>>>
>>>>>>>>>> Sure Dave, I will create a new VM with the latest iso.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Not the latest. 1809 please. And if that doesn't work, 1909. We
>>>>>>>>> need to understand exactly what versions work and which don't.
>>>>>>>>>
>>>>>>>>> pgadmin4 is working fine on Windows 10 x64(1809).
>>>>>>>>
>>>>>>>
>>>>>>> Great, thanks!
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Do I also need to test pgadmin4 on 1909  iso?
>>>>>>>>
>>>>>>>
>>>>>>> I don't think so. I'm 99% certain that what we're seeing is that it
>>>>>>> works on the versions of Windows that support conpty, but not the older
>>>>>>> ones where the pywinpty library is *supposed* to fall back to using
>>>>>>> winpty.
>>>>>>>
>>>>>>> Hopefully Nikhil can get to the bottom of the problem with the
>>>>>>> pywinpty folks.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Nikhil is not able to reproduce the issue on Windows 10 with the
>>>>>>>>>> latest version. So the issue is reproducible with older versions.
>>>>>>>>>>
>>>>>>>>>> Kind Regards,
>>>>>>>>>> On Fri, Jun 11, 2021 at 1:28 PM Dave Page <dp...@pgadmin.org>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jun 11, 2021 at 9:25 AM Fahar Abbas <
>>>>>>>>>>> fahar.ab...@enterprisedb.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Windows 10 Enterprise 2016 LTSB.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Hmm, I assume that is version 1607. Can you test with 1809
>>>>>>>>>>> please? And if that doesn't work, try 1909.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jun 11, 2021 at 1:12 PM Dave Page <dp...@pgadmin.org>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jun 11, 2021 at 7:44 AM Fahar Abbas <
>>>>>>>>>>>>> fahar.ab...@enterprisedb.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> pgadmin4 is failing on following operating systems :
>>>>>>>>>>>>>> Windows 2016
>>>>>>>>>>>>>> Windows 2012
>>>>>>>>>>>>>> Windows 07
>>>>>>>>>>>>>> Windows 2008R2
>>>>>>>>>>>>>> Windows 10 64
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> What version of Windows 10? I *think* conpty was introduced in
>>>>>>>>>>>>> 1809.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> pgadmin4 is working fine in following operating system:
>>>>>>>>>>>>>> Windows 2019
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 7:51 PM Dave Page <dp...@pgadmin.org>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 2:22 PM Nikhil Mohite <
>>>>>>>>>>>>>>> nikhil.moh...@enterprisedb.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Dave,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 6:37 PM Dave Page <
>>>>>>>>>>>>>>>> dp...@pgadmin.org> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 2:00 PM Nikhil Mohite <
>>>>>>>>>>>>>>>>> nikhil.moh...@enterprisedb.com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Dave,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 5:22 PM Dave Page <
>>>>>>>>>>>>>>>>>> dp...@pgadmin.org> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Thu, Jun 10, 2021 at 11:08 AM Nikhil Mohite <
>>>>>>>>>>>>>>>>>>> nikhil.moh...@enterprisedb.com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Dave/ Team,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> We are facing an issue with winpty.dll on Windows
>>>>>>>>>>>>>>>>>>>> Server 2016 and Windows 7 (these are the platforms on which we
>>>>>>>>>>>>>>>>>>>> have tested). The files required for winpty are present in
>>>>>>>>>>>>>>>>>>>> site-packages, but it is still unable to load the winpty.dll
>>>>>>>>>>>>>>>>>>>> file on these specific platforms. We have tested it on
>>>>>>>>>>>>>>>>>>>> Windows 10 Pro and Windows Server 2019 and it is working fine.
>>>>>>>>>>>>>>>>>>>> (Also tried building pywinpty locally but was unable to build
>>>>>>>>>>>>>>>>>>>> it.) Ref link for winpty:
>>>>>>>>>>>>>>>>>>>> https://github.com/rprichard/winpty#:~:text=winpty%20is%20a%20Windows%20software,in%20a%20Cygwin%2FMSYS%20pty.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Does winpty.exe run, if executed from the command line
>>>>>>>>>>>>>>>>>>> instead of pgAdmin? If not, does dependency walker show any
>>>>>>>>>>>>>>>>>>> missing libraries that are required?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> winpty.exe was not found in site-packages, but as per the
>>>>>>>>>>>>>>>>>> winpty documents "winpty-agent.exe" will start the process
>>>>>>>>>>>>>>>>>> with a new, hidden console window. It is not showing any error
>>>>>>>>>>>>>>>>>> while installing the package. I tried to use it outside
>>>>>>>>>>>>>>>>>> pgAdmin but am still facing the same error "Exception in
>>>>>>>>>>>>>>>>>> import winpty DLL load failed while importing winpty: The
>>>>>>>>>>>>>>>>>> specified procedure could not be found." (created a separate
>>>>>>>>>>>>>>>>>> Python environment for this)
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 1. If I try to run winpty-agent.exe from the command line,
>>>>>>>>>>>>>>>>>> it shows the user-entered inputs on the same terminal and does
>>>>>>>>>>>>>>>>>> not show any errors.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 2. I found winpty.exe in another installed app (Git
>>>>>>>>>>>>>>>>>> command line: C:\Program Files (x86)\Git\usr\bin). If I try to
>>>>>>>>>>>>>>>>>> run it through the command line I do not get any error; it
>>>>>>>>>>>>>>>>>> shows the user-entered inputs on the same terminal. (It is not
>>>>>>>>>>>>>>>>>> related to pgAdmin; I just tried to check whether winpty.exe
>>>>>>>>>>>>>>>>>> throws any error or not.)
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hmmm, that sounds oddly similar to an issue I had with
>>>>>>>>>>>>>>>>> Kerberos on Windows when I was mucking around with that. I
>>>>>>>>>>>>>>>>> can't remember the exact details, but as a test, does the
>>>>>>>>>>>>>>>>> problem go away if winpty.dll is copied into the Windows
>>>>>>>>>>>>>>>>> system32 directory?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Tried it but still facing the same issue.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> OK, I had a fiddle around, and see the same thing. I can't
>>>>>>>>>>>>>>> do a simple import of winpty. On 2019 it's fine. I tried
>>>>>>>>>>>>>>> various tricks that I've used in the past to make sure
>>>>>>>>>>>>>>> libraries are found etc.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Could this be because it's trying to use the
>>>>>>>>>>>>>>> conpty interface in Windows 10 and above?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If we can't get this to work tomorrow, I think it's fine to
>>>>>>>>>>>>>>> simply hide the menu options and button if the server detects
>>>>>>>>>>>>>>> it's running on an unsupported version of Windows. Of course,
>>>>>>>>>>>>>>> this should be documented. We also need to make sure we know
>>>>>>>>>>>>>>> *exactly* what versions it does and does not work on.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Dave Page
>>>>>>>>>>>>>>> Blog: https://pgsnake.blogspot.com
>>>>>>>>>>>>>>> Twitter: @pgsnake
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> EDB: https://www.enterprisedb.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Fahar Abbas
>>>>>>>>>>>>>> EnterpriseDB Corporation
>>>>>>>>>>>>>> Phone Office: +92-51-835-8874
>>>>>>>>>>>>>> Phone Direct: +92-51-8466803
>>>>>>>>>>>>>> Mobile: +92-333-5409707
>>>>>>>>>>>>>> Skype ID: *live:fahar.abbas*
>>>>>>>>>>>>>> Website: www.enterprisedb.com
>>>>>>>>>>>>>>
>>>>
>>>> --
>>>> *Thanks & Regards*
>>>> *Akshay Joshi*
>>>> *pgAdmin Hacker | Principal Software Architect*
>>>> *EDB Postgres <http://edbpostgres.com>*
>>>>
>>>> *Mobile: +91 976-788-8246*
>>>>
>>>
>>
>> Regards,
> Nikhil Mohite
>


-- 
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com
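
The two approaches discussed in this thread, side by side, as an added example that is not pgAdmin's code: a denylist built from the commands listed in the quoted patches still passes \qecho and \ev, while a default-off gate for server mode does not depend on the list being complete. The function names, the `enable_psql` flag, the desktop-mode default and the sample lines are assumptions made for illustration.

```python
import re

# Meta-commands the thread lists as rejected by the patch (both quoted lists).
PATCH_DENYLIST = {
    "copy", "COPY", "e", "E", "ef", "EF",
    "lo_import", "lo_export", "w", "write", "o", "output", "g",
}

# Constructed sample input: lines a user might type at the psql prompt.
SAMPLE_LINES = [
    r"\g out.txt",
    r"\lo_export 16400 out.bin",
    r"\qecho hello",   # raised in the review as not covered
    r"\ev my_view",    # raised in the review as not covered
    "SELECT 1;",
]

_META = re.compile(r"\\(\w+)")


def meta_commands(line):
    """Return every backslash command name that appears in the line."""
    return _META.findall(line)


def denylist_allows(line):
    """Denylist filter: pass the line unless it names a listed command."""
    return not any(cmd in PATCH_DENYLIST for cmd in meta_commands(line))


def unfiltered_meta_lines(lines):
    """Lines that carry a meta-command yet still pass the denylist."""
    return [ln for ln in lines if meta_commands(ln) and denylist_allows(ln)]


def psql_tool_enabled(server_mode, enable_psql=False):
    """Default-off gate: in server mode the tool runs only on explicit opt-in.

    Assumption: desktop mode keeps the tool available.
    """
    return bool(enable_psql) if server_mode else True


if __name__ == "__main__":
    for line in unfiltered_meta_lines(SAMPLE_LINES):
        print("passes denylist:", line)
    print("server mode, default config:", psql_tool_enabled(True))
```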
