| From: | Dilip Kumar <dilipbalaut(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, jchord(at)google(dot)com, dtighe(at)google(dot)com |
| Subject: | Path Traversal Vulnerability in pg_dump Directory Format |
| Date: | 2026-07-03 06:51:57 |
| Message-ID: | CAFiTN-v8aH1ZMNuN5xQr_TRFM0Dbcg7A6BU2s5Y5=XNPey2BRQ@mail.gmail.com |
| Lists: | pgsql-hackers |
I would like to submit a patch to address a path traversal
vulnerability in pg_dump's directory format mode (-F d). Currently,
filenames listed in directory-format TOC files (toc.dat and
blobs_*.toc) are treated as trusted when reading an archive during a
restore. If an archive entry filename is maliciously modified to
contain path traversal elements (such as ..) or directory separators,
pg_restore can be tricked into reading files outside the intended
backup directory. The attached patch fixes this vulnerability.
--
Regards,
Dilip Kumar
Google
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-pg_dump-Validate-archive-entry-filenames-in-direc.patch | application/octet-stream | 2.1 KB |
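
The kind of check the message describes, as an added example (this is not the attached patch and not PostgreSQL source): a name read from a TOC file is accepted only when it is a single plain path component, and only then joined to the archive directory. The helper names `entry_name_is_safe` and `build_entry_path`, the directory `dumpdir` and the sample entry names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 only if name is a single plain path component. */
static int
entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* A separator lets the entry point into another directory; backslash
     * is rejected as well so the check also holds on Windows. */
    if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return 0;
    return 1;
}

/* Hypothetical helper: build "<dir>/<name>" for a validated entry.
 * Returns 0 on success, -1 if the name is rejected or the path would
 * be truncated. */
static int
build_entry_path(const char *dir, const char *name, char *buf, size_t buflen)
{
    int n;

    if (!entry_name_is_safe(name))
        return -1;
    n = snprintf(buf, buflen, "%s/%s", dir, name);
    if (n < 0 || (size_t) n >= buflen)
        return -1;
    return 0;
}

int
main(void)
{
    /* Constructed sample entry names, not taken from a real archive. */
    const char *samples[] = {"3021.dat", "blob_16384.dat", "../../etc/passwd",
                             "/etc/passwd", "sub/3021.dat", "..\\secret", "..", ""};
    char path[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s %s\n", samples[i],
               build_entry_path("dumpdir", samples[i], path, sizeof(path)) == 0
               ? path : "REJECTED");
    return 0;
}
```

A name such as `foo..dat` is accepted, because without a separator the two dots cannot leave the archive directory.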