Link to home
Start Free TrialLog in
Avatar of Jay Corrales
Jay CorralesFlag for United States of America

asked on

PostgreSQL set config search path false commands in example program

Folks,


In this example code is written set config search_path false, but I  do not see that it is necessary because pg_dump --schema-only lists this set config search_path false. 


Is this necessary for every new PQconnectdb? 


Thanks


 res = PQexec(conn, "SELECT pg_catalog.set_config('search_path', '', false)");

Open in new window

/*
 * src/test/examples/testlibpq.c
 *
 *
 * testlibpq.c
 *
 *      Test the C version of libpq, the PostgreSQL frontend library.
 */
#include <stdio.h>
#include <stdlib.h>
#include "libpq-fe.h"

static void
exit_nicely(PGconn *conn)
{
    PQfinish(conn);
    exit(1);
}

int
main(int argc, char **argv)
{
    const char *conninfo;
    PGconn     *conn;
    PGresult   *res;
    int         nFields;
    int         i,
                j;

    /*
     * If the user supplies a parameter on the command line, use it as the
     * conninfo string; otherwise default to setting dbname=postgres and using
     * environment variables or defaults for all other connection parameters.
     */
    if (argc > 1)
        conninfo = argv[1];
    else
        conninfo = "dbname = postgres";

    /* Make a connection to the database */
    conn = PQconnectdb(conninfo);

    /* Check to see that the backend connection was successfully made */
    if (PQstatus(conn) != CONNECTION_OK)
    {
        fprintf(stderr, "%s", PQerrorMessage(conn));
        exit_nicely(conn);
    }

    /* Set always-secure search path, so malicious users can't take control. */
    res = PQexec(conn,
                 "SELECT pg_catalog.set_config('search_path', '', false)");
    if (PQresultStatus(res) != PGRES_TUPLES_OK)
    {
        fprintf(stderr, "SET failed: %s", PQerrorMessage(conn));
        PQclear(res);
        exit_nicely(conn);
    }

    /*
     * Should PQclear PGresult whenever it is no longer needed to avoid memory
     * leaks
     */
    PQclear(res);
...

Open in new window

PostgreSQL: Documentation: 15: 34.22. Example Programs

Avatar of Jay Corrales
Jay Corrales
Flag of United States of America image

ASKER

I do not know if CVE-2018-1058 is at play because the connection would not be hijacked due to C code execution of creating the database connection.


A Guide to CVE-2018-1058: Protect Your Search Path

Avatar of Noah
Hi!

The line SELECT pg_catalog.set_config('search_path', '', false) is used in the example code to set the search path explicitly and prevent malicious users from taking control. It ensures that the search path is empty, which means the default schema search order is not used.

Whether you need to use this statement for every new PQconnectdb call depends on your specific requirements and the behavior you want to achieve.

The example code sets the search path to empty, but if it is not executed, can it be changed from another process, e.g. from the pgsql prompt and effect the running process?

ASKER CERTIFIED SOLUTION
Avatar of Noah
Noah
Flag of Singapore image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Glad to help. Cheers! :)