Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wPVQG-000mE7-1o
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 20 May 2026 01:08:32 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wPVQE-005YHO-1F
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 20 May 2026 01:08:31 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <li.evan.chao@gmail.com>)
	id 1wPVQD-005YHG-3A
	for pgsql-hackers@lists.postgresql.org;
	Wed, 20 May 2026 01:08:31 +0000
Received: from mail-pg1-x530.google.com ([2607:f8b0:4864:20::530])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <li.evan.chao@gmail.com>)
	id 1wPVQC-00000000PT1-1W8o
	for pgsql-hackers@postgresql.org;
	Wed, 20 May 2026 01:08:30 +0000
Received: by mail-pg1-x530.google.com with SMTP id
 41be03b00d2f7-c6dd5b01e14so1917463a12.0
        for <pgsql-hackers@postgresql.org>;
 Tue, 19 May 2026 18:08:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1779239308; x=1779844108;
 darn=postgresql.org;
        h=references:to:cc:in-reply-to:date:subject:mime-version:message-id
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=YCDX2/uXk1YM7YlgNL/E27VjycydpU9OceEdGBbZt+Q=;
        b=SyKUwpq1EMzuaSHOK7FI+H1hvCESaw20dMYk5i27rrJT6xZMvmRTptpm3nU2wtPeNj
         Gv/Fm2MvYh9tIEw4oZLbChyHMD/RPS47bSq8h2uEFW2IX2AV5oW4PnseqIOyKRkwErHJ
         vprRm0IPnkha2PXj22pjs0hRs4k8DMpbOvnkQz+2TP29QB0vFoLhUklNeqFxQ1a9vEAC
         YgzI1lRGwpYloBzsWTcPEeeqrnakexPtED/mvW4vqq61aa6Mld+Wudo1xHOi30LNAW6V
         mVssOpGM3gVTHqebOdOYIOHkMZqsIFDeCOjlw9uKf4dmhezyHhi03HErVekaCbbyAof1
         Twjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779239308; x=1779844108;
        h=references:to:cc:in-reply-to:date:subject:mime-version:message-id
         :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YCDX2/uXk1YM7YlgNL/E27VjycydpU9OceEdGBbZt+Q=;
        b=jF/mFGoetKwjYJjQGWShjAhUAcYMn9l8SGc6oZ63XF+Yc2xBaeywA6fG/g74YoGb6W
         OYheJQ0BtTBGXTNuNZWdBJSpsxGpvfSGeBKN1gr4i6l2yR+qDgTmluT8EE3jRS+PxH3V
         o2icU5g57k2WB6EneSLiTMsufA0HNlXFHSlVZ/Q+n81T35uF+SCC8RN79Z3Dux+rF5gh
         nuz8H1WDJybG13/r29d+vPfE21bko9gIyHvv0LvcjojOTQ9zXXAsolCfaNYosIO2nMvg
         yGSo+Ym3ah6zGNkj1r42HdTz7E9/cKQfVSqXBoTFo3EoOKKy/Bz3n7XEGXEeiEoXJv+q
         jgLg==
X-Gm-Message-State: AOJu0Yymxww9dPUpidyY4D4o6bPOCLPwPKT36HPRs4DzY7cF6q4QlvsO
	3rplDyGbtKMnsVtnh8aeAKWPQ901I76pusDTwnE7UCljg4a9illTU1a9lhnYDErbQiE=
X-Gm-Gg: Acq92OEX76jyrCGf1L7TDLTA3kFzmMFuo7e89SEBjESNSTvfDWq0R6FdtPz72S+PE9n
	3rTjShWiv/pXYLKgb6SiDnfrlQ+fibsmb128SLIqcweIYloUi42aQojbosUbq9vy3fJ+t+MJJQR
	nMWm7GE2pHH8h0ZAWE//ECbaA5sbvMNeUP+kGbJQHbb/wd+3mJRw0O0sozOOctZwHA8lHYYZXO4
	QimapHzMI2cc038lKxfnylkGWzNMAucjTXNz7F3G7HBUhNjvL4m/59wVsPALMN6tqKaW+GV8FPT
	hjjwbjJ4MG5ta86Orje1kZP5HH8hTbXuJwck3JiyJaqL0U5uh7WtFZ1gxQSS91Eu5/aoAue9wLM
	mXydfZ+BHwFkBKVyeXFTX6HmbvD7mgj0QXCM5C6mkbdqeQy9z2N9/XnfdvXuGPKsN+fFMBLdsDK
	9FKE062n/FTfM/JvvHmavxhw5DUkVxhlg=
X-Received: by 2002:a17:90b:3c8f:b0:368:ddd7:abcd with SMTP id
 98e67ed59e1d1-36951c9a01amr21071838a91.27.1779239308204;
        Tue, 19 May 2026 18:08:28 -0700 (PDT)
Received: from smtpclient.apple ([45.32.121.103])
        by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-c82bb08cde6sm17554740a12.13.2026.05.19.18.08.25
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 19 May 2026 18:08:27 -0700 (PDT)
From: Chao Li <li.evan.chao@gmail.com>
Message-Id: <07A40FBE-F3F8-4D3F-95CA-F82CECF94EEB@gmail.com>
Content-Type: multipart/mixed;
	boundary="Apple-Mail=_D2338916-4308-435E-B1A1-A39B40180967"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\))
Subject: Re: Avoid leaking system path from pg_available_extensions
Date: Wed, 20 May 2026 09:07:49 +0800
In-Reply-To: <357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com>
Cc: Andrew Dunstan <andrew@dunslane.net>,
 Matheus Alcantara <matheusssilv97@gmail.com>
To: PostgreSQL-development <pgsql-hackers@postgresql.org>
References: <357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com>
X-Mailer: Apple Mail (2.3864.400.21)
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/07A40FBE-F3F8-4D3F-95CA-F82CECF94EEB%40gmail.com>
Precedence: bulk


--Apple-Mail=_D2338916-4308-435E-B1A1-A39B40180967
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8



> On May 20, 2026, at 09:00, Chao Li <li.evan.chao@gmail.com> wrote:
>=20
> Hi,
>=20
> I just tested =E2=80=9CAdd paths of extensions to =
pg_available_extensions=E2=80=9D, and found an issue.
>=20
> This is a simple repro:
> ```
> evantest=3D# reset extension_control_path;
> RESET
> evantest=3D# select * from pg_available_extensions where name =3D =
'plpgsql';
>  name   | default_version | installed_version | location |           =
comment
> =
---------+-----------------+-------------------+----------+---------------=
---------------
> plpgsql | 1.0             | 1.0               | $system  | PL/pgSQL =
procedural language
> (1 row)
>=20
> evantest=3D# set extension_control_path=3D'';
> SET
> evantest=3D# select * from pg_available_extensions where name =3D =
'plpgsql';
>  name   | default_version | installed_version |             location   =
          |           comment
> =
---------+-----------------+-------------------+--------------------------=
--------+------------------------------
> plpgsql | 1.0             | 1.0               | =
/usr/local/pgsql/share/extension | PL/pgSQL procedural language
> (1 row)
> ```
>=20
> When extension_control_path is not set, location shows =E2=80=9C$system"=
, which is consistent with what the documentation says:
> ```
>       <para>
>        The default value for this parameter is
>        <literal>'$system'</literal>. If the value is set to an empty
>        string, the default <literal>'$system'</literal> is also =
assumed.
>       </para>
> ```
>=20
> However, as shown above, when I set extension_control_path to an empty =
string, the absolute system path is displayed. I consider this an =
information leakage bug.
>=20
> The fix is straightforward; see the attached patch for details. After =
the fix, when extension_control_path is an empty string, location shows =
=E2=80=9C$system=E2=80=9D now:
> ```
> evantest=3D# set extension_control_path=3D'';
> SET
> evantest=3D# select * from pg_available_extensions where name =3D =
'plpgsql';
>  name   | default_version | installed_version | location |           =
comment
> =
---------+-----------------+-------------------+----------+---------------=
---------------
> plpgsql | 1.0             | 1.0               | $system  | PL/pgSQL =
procedural language
> (1 row)
> ```
>=20
> Best regards,
> --
> Chao Li (Evan)
> HighGo Software Co., Ltd.
> https://www.highgo.com/
>=20
>=20
>=20
>=20

Oops, forgot the attachment. Here comes it.

Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/





--Apple-Mail=_D2338916-4308-435E-B1A1-A39B40180967
Content-Disposition: attachment;
	filename=v1-0001-Avoid-leaking-system-path-from-pg_available_exten.patch
Content-Type: application/octet-stream;
	x-unix-mode=0644;
	name="v1-0001-Avoid-leaking-system-path-from-pg_available_exten.patch"
Content-Transfer-Encoding: quoted-printable

=46rom=200f9398b34a5484edbb93cb7771d6204bb37b6f7c=20Mon=20Sep=2017=20=
00:00:00=202001=0AFrom:=20"Chao=20Li=20(Evan)"=20<lic@highgo.com>=0A=
Date:=20Wed,=2020=20May=202026=2008:49:15=20+0800=0ASubject:=20[PATCH=20=
v1]=20Avoid=20leaking=20system=20path=20from=20pg_available_extensions=0A=
=0AThe=20documentation=20says=20that=20when=20extension_control_path=20=
is=20set=20to=20an=0Aempty=20string,=20the=20default=20'$system'=20path=20=
is=20still=20assumed.=20=20However,=0A=
get_extension_control_directories()=20added=20the=20system=20extension=20=
directory=0Awith=20a=20NULL=20macro=20in=20that=20case.=20=20As=20a=20=
result,=20pg_available_extensions=0Acould=20expose=20the=20expanded=20=
system=20directory=20path=20instead=20of=20reporting=0A'$system'=20as=20=
the=20location.=0A=0ARecord=20the=20implicitly-added=20system=20=
directory=20with=20the=20'$system'=20macro,=20so=0A=
pg_available_extensions=20reports=20the=20documented=20symbolic=20=
location=20and=20does=0Anot=20leak=20the=20actual=20system=20path.=0A=0A=
Update=20the=20extension_control_path=20TAP=20test=20to=20check=20the=20=
reported=20location=0Adirectly.=0A=0AAuthor:=20Chao=20Li=20=
<lic@highgo.com>=0AReviewed-by:=0ADiscussion:=20https://postgr.es/m/=0A=
---=0A=20src/backend/commands/extension.c=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20|=202=20+-=0A=20=
.../modules/test_extensions/t/001_extension_control_path.pl=20|=206=20=
+++---=0A=202=20files=20changed,=204=20insertions(+),=204=20deletions(-)=0A=
=0Adiff=20--git=20a/src/backend/commands/extension.c=20=
b/src/backend/commands/extension.c=0Aindex=20a330b5fd6ce..98f9d7018ae=20=
100644=0A---=20a/src/backend/commands/extension.c=0A+++=20=
b/src/backend/commands/extension.c=0A@@=20-526,7=20+526,7=20@@=20=
get_extension_control_directories(void)=0A=20=09{=0A=20=09=09=
ExtensionLocation=20*location=20=3D=20palloc_object(ExtensionLocation);=0A=
=20=0A-=09=09location->macro=20=3D=20NULL;=0A+=09=09location->macro=20=3D=20=
pstrdup("$system");=0A=20=09=09location->loc=20=3D=20system_dir;=0A=20=09=
=09paths=20=3D=20lappend(paths,=20location);=0A=20=09}=0Adiff=20--git=20=
a/src/test/modules/test_extensions/t/001_extension_control_path.pl=20=
b/src/test/modules/test_extensions/t/001_extension_control_path.pl=0A=
index=20c1cec0dc622..4a013a7da4b=20100644=0A---=20=
a/src/test/modules/test_extensions/t/001_extension_control_path.pl=0A+++=20=
b/src/test/modules/test_extensions/t/001_extension_control_path.pl=0A@@=20=
-109,10=20+109,10=20@@=20is($ret,=20"t",=0A=20=09"\$system=20extension=20=
is=20shown=20correctly=20in=20pg_available_extensions");=0A=20=0A=20$ret=20=
=3D=20$node->safe_psql('postgres',=0A-=09"set=20extension_control_path=20=
=3D=20'';=20select=20count(*)=20>=200=20as=20ok=20from=20=
pg_available_extensions=20where=20name=20=3D=20'plpgsql'"=0A+=09"set=20=
extension_control_path=20=3D=20'';=20select=20location=20from=20=
pg_available_extensions=20where=20name=20=3D=20'plpgsql'"=0A=20);=0A=
-is($ret,=20"t",=0A-=09"\$system=20extension=20is=20shown=20correctly=20=
in=20pg_available_extensions=20with=20empty=20extension_control_path"=0A=
+is($ret,=20"\$system",=0A+=09"\$system=20location=20is=20shown=20=
correctly=20in=20pg_available_extensions=20with=20empty=20=
extension_control_path"=0A=20);=0A=20=0A=20#=20Test=20with=20an=20=
extension=20that=20does=20not=20exists=0A--=20=0A2.50.1=20(Apple=20=
Git-155)=0A=0A=

--Apple-Mail=_D2338916-4308-435E-B1A1-A39B40180967--