| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Do quoting more carefully in replication commands |
| Date: | 2026-06-12 18:01:50 |
| Message-ID: | 1648659.1781287310@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

The security team received a report that pg_recvlogical was
careless about quoting --option arguments that are passed
into the START_REPLICATION command given to the server. In
principle this'd allow an attacker to inject unwanted stuff
into START_REPLICATION's options. However, we found it really
hard to envision a situation where somebody would be passing
strings obtained from untrustworthy sources to pg_recvlogical,
especially given that anything to do with replication already
requires pretty high privilege. So we're electing to treat this
as a garden-variety bug rather than one requiring the CVE process.

Looking around revealed other places also being sloppy about
quoting strings inserted into replication commands, but the same
who-would-do-that argument applies to them too. So here is a
patch that tries to clean all that up.

(I envision back-patching this all the way, but have not yet
looked at whether the back branches will require adjustments.)

regards, tom lane

| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Clean-up-quoting-of-variable-strings-within-repli.patch | text/x-diff | 19.6 KB |
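
The kind of quoting the message describes, as an added example that is not part of the original message and is not the attached patch: a C helper that writes option names as double-quoted identifiers and option values as single-quoted literals, doubling any embedded quote character. It assumes the replication-command lexer reads a doubled quote inside a quoted token as one literal quote, as SQL does; `append_quoted`, `build_options`, the slot name and the sample options are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append lead, then src wrapped in quote char q with each embedded q doubled.
 * Returns 0, or -1 (dst left unchanged) if capacity cap is too small. */
static int append_quoted(char *dst, size_t cap, const char *lead,
                         const char *src, char q)
{
    size_t start = strlen(dst), n = start + strlen(lead);
    if (n + 3 > cap) return -1;              /* open quote, close quote, NUL */
    memcpy(dst + start, lead, n - start);
    dst[n++] = q;
    for (; *src; src++) {
        if (n + 4 > cap) { dst[start] = '\0'; return -1; }
        if (*src == q) dst[n++] = q;         /* double the embedded quote */
        dst[n++] = *src;
    }
    dst[n++] = q;
    dst[n] = '\0';
    return 0;
}

/* Write ("name" 'value', ...) for npairs (>= 1) name/value strings in kv. */
static int build_options(char *out, size_t cap, const char *const *kv, int npairs)
{
    if (cap < 3 || npairs < 1) return -1;
    strcpy(out, "(");
    for (int i = 0; i < npairs; i++)
        if (append_quoted(out, cap, i ? ", " : "", kv[2 * i], '"') ||
            append_quoted(out, cap, " ", kv[2 * i + 1], '\''))
            return -1;
    if (strlen(out) + 2 > cap) return -1;
    strcat(out, ")");
    return 0;
}

int main(void)
{
    /* Constructed sample options; the second value embeds both quote kinds. */
    const char *kv[] = { "include-xids", "0", "note", "a', \"b\" 'c" };
    char opts[128];
    if (build_options(opts, sizeof opts, kv, 2) != 0) return 1;
    printf("START_REPLICATION SLOT \"s1\" LOGICAL 0/0 %s\n", opts);
    return 0;
}
```

With the doubling applied, the second value stays a single literal instead of ending early at its first embedded quote.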