| From: | Nathan Bossart <nathan(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: doc: Expand on proper use of refint. |
| Date: | 2026-06-08 15:35:06 |
| Message-ID: | E1wWc0I-001bwR-2E@gemulon.postgresql.org |
| Lists: | pgsql-committers |

doc: Expand on proper use of refint.

The security team has received a couple of reports about potential
SQL injection via refint's trigger arguments. We discussed this
while preparing CVE-2026-6637 and concluded that forcibly quoting
these arguments is more likely to break working code than to
prevent exploits. Unlike data values, the table/column names come
from trigger arguments, and there is little reason for a trigger
author to put hostile inputs into those arguments. So, let's
document it accordingly.

Reported-by: Nikolay Samokhvalov <nik(at)postgres(dot)ai>
Reported-by: Alex Young <alex000young(at)gmail(dot)com>
Reported-by: Satyanarayana Narlapuram <satyanarlapuram(at)gmail(dot)com>
Suggested-by: Noah Misch <noah(at)leadboat(dot)com>
Reviewed-by: Noah Misch <noah(at)leadboat(dot)com>
Reviewed-by: Fujii Masao <masao(dot)fujii(at)oss(dot)nttdata(dot)com>
Reviewed-by: Christoph Berg <myon(at)debian(dot)org>
Reviewed-by: Satyanarayana Narlapuram <satyanarlapuram(at)gmail(dot)com>
Discussion: https://postgr.es/m/ahXP7z7nsfGPOZ3T%40nathan
Backpatch-through: 14

Branch
------
REL_16_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/4b328ebfa85aae3b3ac5f7b573df930aa5d52a95

Modified Files
--------------
doc/src/sgml/contrib-spi.sgml | 58 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 57 insertions(+), 1 deletion(-)