From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
Subject: | ACL identifier quoting has some issues |
Date: | 2025-07-02 21:36:12 |
Message-ID: | 3792884.1751492172@sss.pgh.pa.us |
Lists: | pgsql-hackers |

Peter pointed out at [1] that acl.c's getid() behaves oddly
when presented with a string of just two double quotes ("").
If that has any sane interpretation it's as an empty string,
but what you got was a single double quote.

While looking at this I realized that there's another problem:
if the string contains any non-ASCII characters then we will
blindly apply isalnum() to byte(s) with the high bit set,
which will have encoding-dependent, locale-dependent,
and perhaps platform-dependent results. This could easily
result in putid() electing not to quote some string that,
later in some other environment, getid() will decide is not
a valid identifier, causing dump/reload or similar failures.

So I think we need to apply and back-patch something like
the attached. Here I've opined that any non-ASCII is safe.
We could invert that and decide that any non-ASCII is unsafe,
but that seems more likely to break existing dumps than this
choice is.

regards, tom lane

[1] https://www.postgresql.org/message-id/ee96443a-72f3-4a12-8ba7-326069fd1c14%40eisentraut.org

Attachment | Content-Type | Size |
---|---|---|
fix-ACL-quoting-logic.patch | text/x-diff | 1.6 KB |
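
The round-trip property the message is concerned with, as an added C sketch that is neither the attached patch nor PostgreSQL's acl.c. The names `id_char_is_safe`, `put_id`, `get_id` and `round_trips` are hypothetical, and the safe set (ASCII letters, digits, underscore, plus any high-bit byte) and the writing of an empty name as `""` are assumptions of the sketch.

```c
#include <stdbool.h>
#include <string.h>

/* ASCII-only test, so the answer never depends on locale or encoding.
 * High-bit bytes count as safe, the choice the message describes. */
static bool id_char_is_safe(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c >= 0x80;
}

/* Writer: quote when any byte is unsafe (or, an assumption of this sketch,
 * when the name is empty); double embedded quotes. out: 2*strlen(name)+3. */
void put_id(char *out, const char *name) {
    bool quote = (*name == '\0');
    for (const char *p = name; *p; p++)
        quote = quote || !id_char_is_safe((unsigned char) *p);
    if (quote) *out++ = '"';
    for (const char *p = name; *p; p++) {
        if (*p == '"') *out++ = '"';
        *out++ = *p;
    }
    if (quote) *out++ = '"';
    *out = '\0';
}

/* Reader: copy one identifier from s to out (at least strlen(s)+1 bytes) and
 * return where parsing stopped. A doubled quote is an escape only in quotes. */
const char *get_id(const char *s, char *out) {
    bool in_quotes = false;
    for (; *s && (in_quotes || *s == '"' || id_char_is_safe((unsigned char) *s)); s++) {
        if (*s == '"') {
            if (!in_quotes) { in_quotes = true; continue; }
            if (s[1] != '"') { in_quotes = false; continue; }
            s++;                    /* "" inside quotes is one literal quote */
        }
        *out++ = *s;
    }
    *out = '\0';
    return s;
}

/* What put_id writes, get_id must read back unchanged in any environment. */
bool round_trips(const char *name) {
    char text[2 * 64 + 3], back[2 * 64 + 3];
    if (strlen(name) > 64) return false;
    put_id(text, name);
    return *get_id(text, back) == '\0' && strcmp(back, name) == 0;
}

int main(void) { return round_trips("") && round_trips("caf\xc3\xa9") ? 0 : 1; }
```

Because both sides share one classifier that never consults the C locale, the writer's decision to leave a name unquoted cannot be contradicted by the reader on a different platform or encoding.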