Re: Synchronizing slots from primary to standby
От | Bertrand Drouvot |
---|---|
Тема | Re: Synchronizing slots from primary to standby |
Дата | |
Msg-id | ZdhQH5corDs++DMp@ip-10-97-1-34.eu-west-3.compute.internal обсуждение исходный текст |
Ответ на | Re: Synchronizing slots from primary to standby (shveta malik <shveta.malik@gmail.com>) |
Ответы |
Re: Synchronizing slots from primary to standby
|
Список | pgsql-hackers |
Hi, On Fri, Feb 23, 2024 at 09:43:48AM +0530, shveta malik wrote: > On Fri, Feb 23, 2024 at 8:35 AM shveta malik <shveta.malik@gmail.com> wrote: > > > > On Thu, Feb 22, 2024 at 4:35 PM Bertrand Drouvot > > <bertranddrouvot.pg@gmail.com> wrote: > > > > > > Suppose that in synchronize_slots() the query would be: > > > > > > const char *query = "SELECT slot_name, plugin, confirmed_flush_lsn," > > > " restart_lsn, catalog_xmin, two_phase, failover," > > > " database, conflict_reason" > > > " FROM pg_catalog.pg_replication_slots" > > > " WHERE failover and NOT temporary and 1 = 1"; > > > > > > Then my comment is to rewrite it to: > > > > > > const char *query = "SELECT slot_name, plugin, confirmed_flush_lsn," > > > " restart_lsn, catalog_xmin, two_phase, failover," > > > " database, conflict_reason" > > > " FROM pg_catalog.pg_replication_slots" > > > " WHERE failover and NOT temporary and 1 OPERATOR(pg_catalog.=) 1"; > > > > > > to ensure the operator "=" is coming from the pg_catalog schema. > > > > > > > Thanks for the details, but slot-sync does not use SPI calls, it uses > > libpqrcv calls. So is this change needed? > > Additionally, I would like to have a better understanding of why it's > necessary and whether it addresses any potential security risks. Because one could create say the "=" OPERATOR in their own schema, attach a function to it doing undesired stuff and change the search_path for the database the sync slot worker connects to. Then this new "=" operator would be used (instead of the pg_catalog.= one), triggering the "undesired" function as superuser. Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
В списке pgsql-hackers по дате отправления: