Re: BUG #16080: pg_ctl is failed if a fake cmd.exe exist in the current directory.

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Juan José Santamaría Flecha <juanjo.santamaria@gmail.com>
Cc: cilizili@protonmail.com, pgsql-bugs@lists.postgresql.org
Date: 2019-10-26T17:44:00Z
Lists: pgsql-bugs
=?UTF-8?Q?Juan_Jos=C3=A9_Santamar=C3=ADa_Flecha?= <juanjo.santamaria@gmail.com> writes:
> On Sat, Oct 26, 2019 at 5:20 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Right, but does cmd.exe have a well-defined location in Windows?
>> I don't think we can know which drive it's on, for starters.

> The environment variable COMSPEC [1] should point to the right location.

Hm.  I don't have any objection to using COMSPEC if it's set, but
of course that changes nothing from a security perspective.  It's
just a different route by which pg_ctl, pg_upgrade, etc can be
misled.

			regards, tom lane



Commits

  1. On Windows, use COMSPEC to find the location of cmd.exe.