Re: Want to disable fully qualified table names on pg_dump in pg_dump (PostgreSQL) 9.6.8

From: Foolish Ewe <foolishewe(at)hotmail(dot)com>
To: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Want to disable fully qualified table names on pg_dump in pg_dump (PostgreSQL) 9.6.8
Date: 2018-03-16 20:55:59
Message-ID: MWHPR14MB160008DF2A6F2C250DEE3885C0D70@MWHPR14MB1600.namprd14.prod.outlook.com
Lists: pgsql-general

Thank you Adrian, this is informative.

With best regards:

Bill

________________________________________
From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
Sent: Thursday, March 15, 2018 11:09 PM
To: Foolish Ewe; pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Want to disable fully qualified table names on pg_dump in pg_dump (PostgreSQL) 9.6.8

On 03/15/2018 04:00 PM, Foolish Ewe wrote:
> Hello All:
>
> A number of our team members and I use pg_dump to export schema in an
> Ubuntu 16.04 environment. I happen to have a Postgres 9.6.4 server
> that runs in a docker container, and in some cases I see the following
> select statement and fully qualified table names in the
> CREATE TABLE and ALTER TABLE statements:
>
> SELECT pg_catalog.set_config('search_path', '', false);
>
> CREATE TABLE database_name.table_name

I am pretty sure you are actually seeing:

CREATE TABLE schema_name.table_name

>
> and likewise for ALTER TABLE.
>
> But other users (who haven't updated their systems recently) do not see
> the SELECT statement and we see unqualified table names, e.g.:
>
>
> CREATE TABLE table_name
>
>
> These changes in format impact our workflows; we would prefer to have
> unqualified table names.
>

>
> Does anyone have an idea of what might cause this? Is there something
> we can do on the client side to avoid getting qualified table names?

The reason:

https://www.postgresql.org/about/news/1834/

"The purpose of this release is to address CVE-2018-1058, which
describes how a user can create like-named objects in different schemas
that can change the behavior of other users' queries and cause
unexpected or malicious behavior, also known as a "trojan-horse" attack."

More information

https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path

There is no flag to unset this.

>
> With best regards:
>
> Bill
>
>
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
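
An added example, not part of the original thread and not PostgreSQL project code: for a team whose members run different pg_dump versions, this Python script checks a schema dump for the `set_config('search_path', '', false)` line quoted above and reports which CREATE TABLE / ALTER TABLE names are schema-qualified. The function name `audit_dump` and both sample dumps are constructed for illustration.

```python
import re

# Line pg_dump writes since the CVE-2018-1058 fix, as quoted in the thread.
LOCKDOWN = "SELECT pg_catalog.set_config('search_path', '', false);"

# A plain or double-quoted SQL identifier.
_IDENT = r'(?:"(?:[^"]|"")+"|[A-Za-z_][A-Za-z0-9_$]*)'
# CREATE [UNLOGGED] TABLE / ALTER TABLE [ONLY], then [schema.]table.
_STMT = re.compile(
    rf'^\s*(CREATE|ALTER)\s+(?:UNLOGGED\s+)?TABLE\s+(?:ONLY\s+)?'
    rf'(?:({_IDENT})\.)?({_IDENT})',
    re.IGNORECASE | re.MULTILINE,
)

def audit_dump(sql_text):
    """Report whether a dump empties search_path and which table names lack a schema."""
    locked = any(line.strip() == LOCKDOWN for line in sql_text.splitlines())
    qualified, unqualified = [], []
    for m in _STMT.finditer(sql_text):
        verb, schema, table = m.group(1).upper(), m.group(2), m.group(3)
        if schema:
            qualified.append((verb, schema, table))
        else:
            unqualified.append((verb, table))
    return {"search_path_locked": locked,
            "qualified": qualified, "unqualified": unqualified}

# Constructed sample dumps (not real output): one per client generation.
NEW_STYLE = """\
SELECT pg_catalog.set_config('search_path', '', false);
CREATE TABLE public.orders (
    id integer NOT NULL
);
ALTER TABLE ONLY public.orders
    ADD CONSTRAINT orders_pkey PRIMARY KEY (id);
"""
OLD_STYLE = """\
SET search_path = public, pg_catalog;
CREATE TABLE orders (
    id integer NOT NULL
);
ALTER TABLE ONLY orders
    ADD CONSTRAINT orders_pkey PRIMARY KEY (id);
"""

if __name__ == "__main__":
    for name, dump in (("new", NEW_STYLE), ("old", OLD_STYLE)):
        print(name, audit_dump(dump))
```

A dump that reports unqualified names depends on whatever search_path is in effect when it is restored, which is the dependency the qualified format removes.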
