Claudio Freire <klaussfre...@gmail.com> writes: > On Tue, Sep 6, 2016 at 2:08 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> Dash is considered a character that needs quoting. It might be possible >> to avoid that if we could be certain that appendShellString's output would >> never be placed in a spot where it could be taken for a switch, but that >> seems like a large assumption to me.
> Wouldn't it be taken for a switch even with quoting? > Quoting "-D" seems to work fine, which would suggest the above is true. [ thinks about that... ] Oh, you're right, brain fade on my part. The shell doesn't care whether words are switches or not. So actually the risk-factor for us is whether we have designed any command-line syntaxes in a way that would allow a path starting with a dash to cause bad things to happen. I have a feeling the answer is "yes", even without considering the prospect that GNU getopt will arbitrarily rearrange the command words on us depending on what it thinks is a switch. (Maybe leading-dash is another one of the things we'd better make a policy against.) But meanwhile, yes, the argument for treating it as quotable in appendShellString seems completely bogus. I'll go change that. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers