Participants
Tom Lane
Tom Lane
Jack Christensen
Jack Christensen
Attachments

No attachments in this thread

Thread Outline
#1Tom LaneTom Lane
Dec 29, 2017
#2Jack ChristensenJack Christensento Tom Lane (#1)
Dec 29, 2017
#3Tom LaneTom Laneto Jack Christensen (#2)
Dec 29, 2017

Possible hole in Windows directory restrictions?

Started by Tom Laneabout 8 years ago3 messages
#1Tom Lane
Tom Lane
tgl@sss.pgh.pa.us

In /messages/by-id/1514541656508-0.post@n3.nabble.com
it's reported that "SELECT pg_ls_dir('c:')" works to allow
display of the root directory on drive C. If true, this
would be a violation of the principle that the core file
access functions only let you get at PG-related directories.
However, I looked at the code, and it sure looks like
path_is_relative_and_below_cwd() contains code to reject use
of Windows drive letters. Am I missing something? Anyone
want to check if they can reproduce this on a Windows build?

regards, tom lane

#2Jack Christensen
Jack Christensen
jack@jackchristensen.com
In reply to: Tom Lane (#1)
Re: Possible hole in Windows directory restrictions?

On 12/29/2017 9:56 AM, Tom Lane wrote:

In /messages/by-id/1514541656508-0.post@n3.nabble.com
it's reported that "SELECT pg_ls_dir('c:')" works to allow
display of the root directory on drive C. If true, this
would be a violation of the principle that the core file
access functions only let you get at PG-related directories.
However, I looked at the code, and it sure looks like
path_is_relative_and_below_cwd() contains code to reject use
of Windows drive letters. Am I missing something? Anyone
want to check if they can reproduce this on a Windows build?

regards, tom lane

Could not reproduce with a fresh install.

C:\Program Files\PostgreSQL\10\bin>psql.exe
Password:
psql (10.1)
WARNING: Console code page (437) differs from Windows code page (1252)
8-bit characters might not work correctly. See psql reference
page "Notes for Windows users" for details.
Type "help" for help.

postgres=# select version();
version
------------------------------------------------------------
PostgreSQL 10.1, compiled by Visual C++ build 1800, 64-bit
(1 row)

postgres=# SELECT pg_ls_dir('c:');
ERROR: path must be in or below the current directory

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Jack Christensen (#2)
Re: Possible hole in Windows directory restrictions?

Jack Christensen <jack@jackchristensen.com> writes:

On 12/29/2017 9:56 AM, Tom Lane wrote:

In /messages/by-id/1514541656508-0.post@n3.nabble.com
it's reported that "SELECT pg_ls_dir('c:')" works to allow
display of the root directory on drive C. If true, this
would be a violation of the principle that the core file
access functions only let you get at PG-related directories.
However, I looked at the code, and it sure looks like
path_is_relative_and_below_cwd() contains code to reject use
of Windows drive letters. Am I missing something? Anyone
want to check if they can reproduce this on a Windows build?

Could not reproduce with a fresh install.

Thanks for checking. Digging in the git history, I see that
path_is_relative_and_below_cwd() was introduced in 9.1
(commit 0de0cc150). pg_ls_dir and friends were in core for
some time before that, so perhaps the answer is that the
OP was using some old PG version. (Pre-9.1 also defaulted
to standard_conforming_strings = off, which might explain
some other odd things about his report.)

regards, tom lane

← Back to Topics