On 8/11/16 9:12 PM, Michael Paquier wrote: > Note that pg_dump[all] and pg_upgrade already have safeguards against > those things per the same routines putting quotes for execution as > commands into psql and shell. So attached is a patch to implement this > restriction in the backend, and I am adding that to the next CF for > 10.0. Attached is as well a script able to trigger those errors.
After further review, I have my doubts about this approach. Everything that is using appendShellString() is now going to reject LF and CR characters, but there is no systematic way by which this is managed, enforced, or documented. It happens that right now most of the affected cases are user and database names, but there are others. For example, you cannot anymore install PostgreSQL into a path containing LF/CR, because initdb will fail when it composes the pg_ctl command line to print out. Also, initdb will fail if the data directory name contains LF/CR, but it creates the directory nonetheless. (Apparently, it doesn't even clean it up.) But for example pg_ctl and pg_basebackup and postgres itself handle all of that just fine. This is a slowly growing mess. I think the way forward here, if any, is to work on removing these restrictions, not to keep sprinkling them around. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers