From: lu feng
Date: Thu, 21 May 2026 16:55:47 +0800
Subject: Re: Avoid leaking system path from pg_available_extensions
To: Chao Li
Cc: PostgreSQL-development, Andrew Dunstan, Matheus Alcantara
In-Reply-To: <07A40FBE-F3F8-4D3F-95CA-F82CECF94EEB@gmail.com>
References: <357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com> <07A40FBE-F3F8-4D3F-95CA-F82CECF94EEB@gmail.com>


Chao Li <li.evan.chao@gmail.com> wrote on Wed, 20 May 2026 at 09:08:


> On May 20, 2026, at 09:00, Chao Li <li.evan.chao@gmail.com> wrote:
>
> Hi,
>
> I just tested “Add paths of extensions to pg_available_extensions”, and found an issue.
>
> This is a simple repro:
> ```
> evantest=# reset extension_control_path;
> RESET
> evantest=# select * from pg_available_extensions where name = 'plpgsql';
>   name   | default_version | installed_version | location |           comment
> ---------+-----------------+-------------------+----------+------------------------------
>  plpgsql | 1.0             | 1.0               | $system  | PL/pgSQL procedural language
> (1 row)
>
> evantest=# set extension_control_path='';
> SET
> evantest=# select * from pg_available_extensions where name = 'plpgsql';
>   name   | default_version | installed_version |             location             |           comment
> ---------+-----------------+-------------------+----------------------------------+------------------------------
>  plpgsql | 1.0             | 1.0               | /usr/local/pgsql/share/extension | PL/pgSQL procedural language
> (1 row)
> ```
>
> When extension_control_path is not set, location shows “$system”, which is consistent with what the documentation says:
> ```
>       <para>
>        The default value for this parameter is
>        <literal>'$system'</literal>. If the value is set to an empty
>        string, the default <literal>'$system'</literal> is also assumed.
>       </para>
> ```
>
> However, as shown above, when I set extension_control_path to an empty string, the absolute system path is displayed. I consider this an information leakage bug.
>
> The fix is straightforward; see the attached patch for details. After the fix, when extension_control_path is an empty string, location shows “$system” now:
> ```
> evantest=# set extension_control_path='';
> SET
> evantest=# select * from pg_available_extensions where name = 'plpgsql';
>   name   | default_version | installed_version | location |           comment
> ---------+-----------------+-------------------+----------+------------------------------
>  plpgsql | 1.0             | 1.0               | $system  | PL/pgSQL procedural language
> (1 row)
> ```
>
> Best regards,
> --
> Chao Li (Evan)
> HighGo Software Co., Ltd.
> https://www.highgo.com/
>

> Oops, forgot the attachment. Here it comes.
>
> Best regards,
> --
> Chao Li (Evan)
> HighGo Software Co., Ltd.
> https://www.highgo.com/




Thanks for the patch. I just reproduced the problem and verified the fix. So this patch looks good to me.

Regards,
Lu Feng
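The empty-string case reported in this thread, as an added illustrative example that is neither the posted patch nor PostgreSQL's own code: it applies the documented rule (an empty extension_control_path is treated exactly like '$system') before the configured path list is expanded, so the directory the server actually scans is the system directory and the view reports "$system" instead of the absolute path. SYSTEM_SHAREDIR, normalize_control_path, display_location, expand_control_path and nth_display_name are names made up for this example, the directory value is taken from the repro above, and the colon-separated split is a simplification assumed here rather than the server's own list handling.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for the installation's system extension directory
 * (the value shown in the thread's repro); an assumption for this example.
 */
#define SYSTEM_SHAREDIR "/usr/local/pgsql/share/extension"

/*
 * Documented rule for extension_control_path: an unset or empty-string
 * setting means "$system".  This is the case the reported bug got wrong.
 */
static const char *
normalize_control_path(const char *setting)
{
    if (setting == NULL || setting[0] == '\0')
        return "$system";
    return setting;
}

/*
 * Name to report in pg_available_extensions.location for the directory a
 * control file was found in: the system directory is always reported as
 * "$system"; any other directory is shown as configured.
 */
static const char *
display_location(const char *control_dir)
{
    if (strcmp(control_dir, SYSTEM_SHAREDIR) == 0)
        return "$system";
    return control_dir;
}

/*
 * Split a colon-separated extension_control_path value into elements,
 * expand "$system" to the real directory the server would scan, and store
 * the display name for each element in out[].  Returns the element count.
 * (Hypothetical simplification of the server's own list handling.)
 */
static int
expand_control_path(const char *setting, char out[][128], int max_out)
{
    const char *p = normalize_control_path(setting);
    int n = 0;

    while (*p != '\0' && n < max_out)
    {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t) (end - p) : strlen(p);
        char elem[128];
        const char *dir;

        if (len >= sizeof(elem))
            len = sizeof(elem) - 1;
        memcpy(elem, p, len);
        elem[len] = '\0';

        /* The directory the server would actually read control files from. */
        dir = (strcmp(elem, "$system") == 0) ? SYSTEM_SHAREDIR : elem;
        /* And what the catalog view should show for it. */
        snprintf(out[n], 128, "%s", display_location(dir));
        n++;

        if (end == NULL)
            break;
        p = end + 1;
    }
    return n;
}

/* Display name of the index-th element of a setting, or NULL if absent. */
static const char *
nth_display_name(const char *setting, int index)
{
    static char out[8][128];
    int n = expand_control_path(setting, out, 8);

    return (index >= 0 && index < n) ? out[index] : NULL;
}

int
main(void)
{
    /* Constructed settings: reset (NULL), empty string, explicit, and a list. */
    const char *settings[] = { NULL, "", "$system", "/opt/pg-ext:$system" };
    size_t i;

    for (i = 0; i < sizeof(settings) / sizeof(settings[0]); i++)
    {
        char out[8][128];
        int n = expand_control_path(settings[i], out, 8), j;

        printf("setting %-22s ->", settings[i] ? settings[i] : "(NULL)");
        for (j = 0; j < n; j++)
            printf(" %s", out[j]);
        printf("\n");
    }
    return 0;
}
```

The masking is keyed on the resolved directory, not on the raw setting string, so the reset value, the empty string and an explicit "$system" all produce the same "$system" entry; an explicitly configured non-system directory is still shown, since the user who configured it already knows it.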