-
由 Daniel Gustafsson 提交于
The --backend_output parameter was used to redirect output from initdb executing the backend during probing to a separate logfile. This log was then appended to the main initdb log in case of errors. Blindly passing user parameters to system() is however problematic, as it will execute any arbitrary commands passed. The below example will redir the output and also execute echo. ./bin/initdb -D data --backend_output="/tmp/out.log\" 2>&1; echo \"a" There is no privilege escalation in initdb, so there is no security angle to this, but it's still a less than desirable capability. Fix by removing the parameter altogether (this feature does not exist in upstream). Reviewed-by: NJacob Champion <pchampion@pivotal.io>
f37acd85