Re: Fix unqualified catalog references in psql describe queries
Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
From: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Michael Paquier <michael@paquier.xyz>, Chao Li <li.evan.chao@gmail.com>, Postgres hackers <pgsql-hackers@lists.postgresql.org>, Fujii Masao <masao.fujii@gmail.com>, Peter Eisentraut <peter@eisentraut.org>, Jeff Davis <pgsql@j-davis.com>, Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>, Amit Kapila <amit.kapila16@gmail.com>
Date: 2026-06-10T06:16:36Z
Lists: pgsql-hackers
Hi, On Tue, Jun 09, 2026 at 10:12:48PM -0400, Tom Lane wrote: > Michael Paquier <michael@paquier.xyz> writes: > > On Tue, Jun 09, 2026 at 09:08:50AM +0000, Bertrand Drouvot wrote: > >> Now I wonder if we shoud not "protect" the operators too. They could also > >> lead to wrong results (if not worst). > > > Kind of true. Still we have been pretty lax about the operators as > > they also lead to less readable queries. > > We disclaimed security against odd search_paths for these queries long ago, > precisely because wrapping every operator in PG_OPERATOR(pg_catalog.*) > would be far too tedious and destructive of readability --- not to > mention that there are some syntaxes such as IN that don't even offer > the option to do that. I do agree that doing so would "destroy" the readability. I did not look in detail, but what about forcing ALWAYS_SECURE_SEARCH_PATH_SQL before the queries and restore the search_path once the query is done? (that way that would not impact the readability) Regards, -- Bertrand Drouvot PostgreSQL Contributors Team RDS Open Source Databases Amazon Web Services: https://aws.amazon.com
Commits
-
psql: Add some missing schema qualifications in describe.c
- bf5206f00773 19 (unreleased) landed
-
SQL Property Graph Queries (SQL/PGQ)
- 2f094e7ac691 19 (unreleased) cited
-
CREATE SUBSCRIPTION ... SERVER.
- 8185bb534763 19 (unreleased) cited