On Thu, Oct 31, 2013 at 10:17 AM, Amit Kapila <amit.kapil...@gmail.com>wrote:
> On Tue, Oct 29, 2013 at 12:46 PM, Naoya Anzai > <anzai-na...@mxu.nes.nec.co.jp> wrote: > > Hi Sandeep > > > >> I think, you should change the subject line to "Unquoted service path > containing space is vulnerable and can be exploited on Windows" to get the > attention.. :) > > Thank you for advice! > > I'll try to post to pgsql-bugs again. > > I could also reproduce this issue. The situation is very rare such > that an "exe" with name same as first part of directory should exist > in installation path. > I believe it is a security risk with bigger impact as it is related to Windows environment and as installers rely on it. > I suggest you can post your patch in next commit fest. Yes. Are not vulnerabilities/security risk's taken care of more urgent bases ? > With Regards, > Amit Kapila. > EnterpriseDB: http://www.enterprisedb.com >
