| From: | "Jelte Fennema-Nio" <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | "PostgreSQL Hackers" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "Alvaro Herrera" <alvherre(at)alvh(dot)no-ip(dot)org>, "Jacob Champion" <jacob(dot)champion(at)enterprisedb(dot)com> |
| Subject: | Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore |
| Date: | 2026-02-08 19:05:57 |
| Message-ID: | DG9TD0OX13DP.2JAB9LIS2HTLO@jeltef.nl |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun Dec 14, 2025 at 3:40 PM CET, Jelte Fennema-Nio wrote:
> A bunch of frontend tools, including psql, still used PQcancel to send
> cancel requests to the server. That function is insecure, because it
> does not use encryption to send the cancel request. This starts using
> the new cancellation APIs (introduced in 61461a300) for all these
> frontend tools.
Small update. Split up the fe_utils and pg_dump changes into separate
commits, to make patches easier to review. Also use non-blocking writes
to the self-pipe from the signal handler to avoid potential deadlocks
(extremely unlikely for such blocks to occur, but better safe than sorry).
| Attachment | Content-Type | Size |
|---|---|---|
| v3-0001-Move-Windows-pthread-compatibility-functions-to-s.patch | text/x-patch | 2.9 KB |
| v3-0002-Don-t-use-deprecated-and-insecure-PQcancel-psql-a.patch | text/x-patch | 11.8 KB |
| v3-0003-pg_dump-Don-t-use-the-deprecated-and-insecure-PQc.patch | text/x-patch | 22.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jelte Fennema-Nio | 2026-02-08 20:27:08 | Re: Correct documentation for protocol version |
| Previous Message | Andres Freund | 2026-02-08 18:38:42 | Re: Buffer locking is special (hints, checksums, AIO writes) |