Claudio Freire <> writes:
> On Tue, Sep 6, 2016 at 2:08 PM, Tom Lane <> wrote:
>> Dash is considered a character that needs quoting.  It might be possible
>> to avoid that if we could be certain that appendShellString's output would
>> never be placed in a spot where it could be taken for a switch, but that
>> seems like a large assumption to me.

> Wouldn't it be taken for a switch even with quoting?
> Quoting "-D" seems to work fine, which would suggest the above is true.

[ thinks about that... ]  Oh, you're right, brain fade on my part.  The
shell doesn't care whether words are switches or not.  So actually the
risk-factor for us is whether we have designed any command-line syntaxes
in a way that would allow a path starting with a dash to cause bad things
to happen.  I have a feeling the answer is "yes", even without considering
the prospect that GNU getopt will arbitrarily rearrange the command words
on us depending on what it thinks is a switch.  (Maybe leading-dash is
another one of the things we'd better make a policy against.)

But meanwhile, yes, the argument for treating it as quotable in
appendShellString seems completely bogus.  I'll go change that.

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to