Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore
Jelte Fennema-Nio <postgres@jeltef.nl>
From: "Jelte Fennema-Nio" <postgres@jeltef.nl>
To: "PostgreSQL Hackers" <pgsql-hackers@lists.postgresql.org>, "Alvaro
Herrera" <alvherre@alvh.no-ip.org>, "Jacob Champion"
<jacob.champion@enterprisedb.com>
Date: 2026-02-08T19:05:57Z
Lists: pgsql-hackers
Attachments
- v3-0001-Move-Windows-pthread-compatibility-functions-to-s.patch (text/x-patch) patch v3-0001
- v3-0002-Don-t-use-deprecated-and-insecure-PQcancel-psql-a.patch (text/x-patch) patch v3-0002
- v3-0003-pg_dump-Don-t-use-the-deprecated-and-insecure-PQc.patch (text/x-patch) patch v3-0003
On Sun Dec 14, 2025 at 3:40 PM CET, Jelte Fennema-Nio wrote: > A bunch of frontend tools, including psql, still used PQcancel to send > cancel requests to the server. That function is insecure, because it > does not use encryption to send the cancel request. This starts using > the new cancellation APIs (introduced in 61461a300) for all these > frontend tools. Small update. Split up the fe_utils and pg_dump changes into separate commits, to make patches easier to review. Also use non-blocking writes to the self-pipe from the signal handler to avoid potential deadlocks (extremely unlikely for such blocks to occur, but better safe than sorry).