Avoid leaking system path from pg_available_extensions
Andrew Dunstan <andrew@dunslane.net>
Avoid leaking system path from pg_available_extensions The documentation says that when extension_control_path is set to an empty string, the default '$system' path is still assumed. However, get_extension_control_directories() added the system extension directory with a NULL macro in that case. As a result, pg_available_extensions could expose the expanded system directory path instead of reporting '$system' as the location. Record the implicitly-added system directory with the '$system' macro, so pg_available_extensions reports the documented symbolic location and does not leak the actual system path. Update the extension_control_path TAP test to check the reported location directly. Author: Chao Li <lic@highgo.com> Reviewed-by: Lu Feng <fnlo1995@gmail.com> Reviewed-by: Matheus Alcantara <matheusssilv97@gmail.com> Reviewed-by: Jim Jones <jim.jones@uni-muenster.de> Discussion: https://postgr.es/m/357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/commands/extension.c | modified | +5 −3 |
| src/test/modules/test_extensions/t/001_extension_control_path.pl | modified | +3 −3 |
Discussion
- Avoid leaking system path from pg_available_extensions 11 messages · 2026-05-20 → 2026-05-31