Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1txOji-008O3z-Gp for pgsql-committers@arkaria.postgresql.org; Wed, 26 Mar 2025 11:15:54 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1txOjg-001pEo-Ry for pgsql-committers@arkaria.postgresql.org; Wed, 26 Mar 2025 11:15:52 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1txOjg-001pEg-Ka for pgsql-committers@lists.postgresql.org; Wed, 26 Mar 2025 11:15:52 +0000 Received: from fout-a6-smtp.messagingengine.com ([103.168.172.149]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1txOjf-001E1h-02 for pgsql-committers@lists.postgresql.org; Wed, 26 Mar 2025 11:15:51 +0000 Received: from phl-compute-10.internal (phl-compute-10.phl.internal [10.202.2.50]) by mailfout.phl.internal (Postfix) with ESMTP id 9AE371383A17; Wed, 26 Mar 2025 07:15:49 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-10.internal (MEProxy); Wed, 26 Mar 2025 07:15:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eisentraut.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm1; t=1742987749; x=1743074149; bh=SOpvyT4VrMuGOLweFtRLerBMiXKR4yk1 P/JFbQzwml0=; b=IrRxn5SIJzwVoRz9xIJLfzXbxhNsGiaIVLE6leIZXUCLhg5f FZ//yMoODq8cOnZseGWKlT4NMNmHvo9yunIL3TxByzah+xFmkzgKwc6RuZpr6s6P A5yxXomUVjUM7K+xK5wURFn7N/6gFJYjn3PiecyMliDiGFFK3ZTF9qzOdQJsjhgw QYup6+3M8a7YewhzkYgnti6UJG4WaG6rawUIF+swQAZzozkHRs/VP/AVKkhKpDzv O1BxlWlENRJZ7zjWbZAfUZON/zJvrhcxeXi37MgvFSZYS5qL/YldUPMGqCjzI2J0 aMmJHb0aQYkajiwY3lg7Kk0O7SC9x5aI3c0rWA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1742987749; x= 1743074149; bh=SOpvyT4VrMuGOLweFtRLerBMiXKR4yk1P/JFbQzwml0=; b=K AqFgAMSA4oiOv8K++X8SrbKWSqr2fwrPQyzzAjwYg4XNNE+dbGue07YaywOpBD2T EzXzl/uZc92jLoPO05MtQ2Ypni0wDhOElDZ3y//pgRtzJ9iUf2Vn9w8G7blkCytk THEIsT5oGl8FP6ZPFG6WYxpFRrAi5NlxbOisV2V+izKQQpMSavkBT06VJ4KugVh/ TxkZGieFyj+lEj7wJ0WE/UYgA8M0xw/pVANX+cGBS02D/bxBwayTt/LpIuBoKJa1 AbtY/3b9p6XbBqYqgmIu2eBxYcE8aOHGQrlJWMd5/Md2CqMSmrNvaC+HQ0yahUds W0o8eH/o1Rzj89DM5jEtA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdduieehfeekucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefkff ggfgfuvfevfhfhjggtgfesthejredttddvjeenucfhrhhomheprfgvthgvrhcugfhishgv nhhtrhgruhhtuceophgvthgvrhesvghishgvnhhtrhgruhhtrdhorhhgqeenucggtffrrg htthgvrhhnpefgjedthfekfedtuefgieelheetleejgefhueeltdfhueetvdffudekfeej hfegheenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hpvghtvghrsegvihhsvghnthhrrghuthdrohhrghdpnhgspghrtghpthhtohepvddpmhho uggvpehsmhhtphhouhhtpdhrtghpthhtohepthhglhesshhsshdrphhghhdrphgrrdhush dprhgtphhtthhopehpghhsqhhlqdgtohhmmhhithhtvghrsheslhhishhtshdrphhoshht ghhrvghsqhhlrdhorhhg X-ME-Proxy: Feedback-ID: ie0a040ee:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 26 Mar 2025 07:15:48 -0400 (EDT) Message-ID: <92568c98-aff9-4e98-baf3-6794866e39a6@eisentraut.org> Date: Wed, 26 Mar 2025 12:15:48 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: pgsql: postgres_fdw: improve security checks To: Tom Lane Cc: pgsql-committers@lists.postgresql.org References: <1349037.1742950752@sss.pgh.pa.us> Content-Language: en-US From: Peter Eisentraut In-Reply-To: <1349037.1742950752@sss.pgh.pa.us> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 26.03.25 01:59, Tom Lane wrote: > Peter Eisentraut writes: >> postgres_fdw: improve security checks > > This patch is failing on "drongo" [1]. It looks like the problem > is that the pg_hba.conf file being used doesn't allow for TCP > loopback connections. > > To make that safe, the test would have to be changed to not run by > default. We could gate it with a PG_TEST_EXTRA check ... but the > end result would likely be that it gets run by just about nobody. > I wonder whether it's worth the trouble. This has been fixed.