Обсуждение: Possible hole in Windows directory restrictions?
In https://postgr.es/m/1514541656508-0.post@n3.nabble.com it's reported that "SELECT pg_ls_dir('c:')" works to allow display of the root directory on drive C. If true, this would be a violation of the principle that the core file access functions only let you get at PG-related directories. However, I looked at the code, and it sure looks like path_is_relative_and_below_cwd() contains code to reject use of Windows drive letters. Am I missing something? Anyone want to check if they can reproduce this on a Windows build? regards, tom lane
On 12/29/2017 9:56 AM, Tom Lane wrote: > In https://postgr.es/m/1514541656508-0.post@n3.nabble.com > it's reported that "SELECT pg_ls_dir('c:')" works to allow > display of the root directory on drive C. If true, this > would be a violation of the principle that the core file > access functions only let you get at PG-related directories. > However, I looked at the code, and it sure looks like > path_is_relative_and_below_cwd() contains code to reject use > of Windows drive letters. Am I missing something? Anyone > want to check if they can reproduce this on a Windows build? > > regards, tom lane > Could not reproduce with a fresh install. C:\Program Files\PostgreSQL\10\bin>psql.exe Password: psql (10.1) WARNING: Console code page (437) differs from Windows code page (1252) 8-bit characters might not work correctly. See psql reference page "Notes for Windows users" for details. Type "help" for help. postgres=# select version(); version ------------------------------------------------------------ PostgreSQL 10.1, compiled by Visual C++ build 1800, 64-bit (1 row) postgres=# SELECT pg_ls_dir('c:'); ERROR: path must be in or below the current directory
Jack Christensen <jack@jackchristensen.com> writes: > On 12/29/2017 9:56 AM, Tom Lane wrote: >> In https://postgr.es/m/1514541656508-0.post@n3.nabble.com >> it's reported that "SELECT pg_ls_dir('c:')" works to allow >> display of the root directory on drive C. If true, this >> would be a violation of the principle that the core file >> access functions only let you get at PG-related directories. >> However, I looked at the code, and it sure looks like >> path_is_relative_and_below_cwd() contains code to reject use >> of Windows drive letters. Am I missing something? Anyone >> want to check if they can reproduce this on a Windows build? > Could not reproduce with a fresh install. Thanks for checking. Digging in the git history, I see that path_is_relative_and_below_cwd() was introduced in 9.1 (commit 0de0cc150). pg_ls_dir and friends were in core for some time before that, so perhaps the answer is that the OP was using some old PG version. (Pre-9.1 also defaulted to standard_conforming_strings = off, which might explain some other odd things about his report.) regards, tom lane