Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore

Jelte Fennema-Nio <postgres@jeltef.nl>

From: "Jelte Fennema-Nio" <postgres@jeltef.nl>
To: "PostgreSQL Hackers" <pgsql-hackers@lists.postgresql.org>, "Alvaro Herrera" <alvherre@alvh.no-ip.org>, "Jacob Champion" <jacob.champion@enterprisedb.com>
Date: 2026-02-08T19:05:57Z
Lists: pgsql-hackers

Attachments

On Sun Dec 14, 2025 at 3:40 PM CET, Jelte Fennema-Nio wrote:
> A bunch of frontend tools, including psql, still used PQcancel to send
> cancel requests to the server. That function is insecure, because it
> does not use encryption to send the cancel request. This starts using
> the new cancellation APIs (introduced in 61461a300) for all these
> frontend tools. 

Small update. Split up the fe_utils and pg_dump changes into separate
commits, to make patches easier to review. Also use non-blocking writes
to the self-pipe from the signal handler to avoid potential deadlocks
(extremely unlikely for such blocks to occur, but better safe than sorry).