Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1veCyp-00AGM5-0y for pgsql-hackers@arkaria.postgresql.org; Fri, 09 Jan 2026 13:56:44 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1veCyo-007OJk-0n for pgsql-hackers@arkaria.postgresql.org; Fri, 09 Jan 2026 13:56:43 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1veCyn-007OJa-2x for pgsql-hackers@lists.postgresql.org; Fri, 09 Jan 2026 13:56:42 +0000 Received: from mail-wm1-x329.google.com ([2a00:1450:4864:20::329]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1veCyn-00556H-0a for pgsql-hackers@lists.postgresql.org; Fri, 09 Jan 2026 13:56:41 +0000 Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-477563e28a3so21511945e9.1 for ; Fri, 09 Jan 2026 05:56:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=google; t=1767966999; x=1768571799; darn=lists.postgresql.org; h=message-id:date:content-id:mime-version:comments:references :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MN5eP9FJ0SslfYclN1BYH4z9hbCzJ4NKm74HIldqCbM=; b=KbemXqeNVdbgy4TUEkPMNFZt4dKLTaaVr1mT+1eeKO/EXSN8SFzXJFUdaPE6Eide+F 8ginCwuBCAKZFX21cikh10dN9/p1gK+jZ03tt5MiJk9WeYZyObSS5qCCMO3eI7xvoEd8 dhdjxWQuWooR5UyXUqbCZc3vzIwcSIAjPpuoWinPpmtcKPq4xx9DodGHxOcQEw4M6nyQ pfSIBqFNkBmk34f44jLpd95qN4vFnPbU6q4BbwWCMiSPpp5wwmr8Zvz00LjvOSNJ8QkL qiawhKoyG0lG/8X2jut/HEU+58ylvzQplNRby8YgzD7991hN9x6wa22fpxjFPK67SrGj U2iA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767966999; x=1768571799; h=message-id:date:content-id:mime-version:comments:references :in-reply-to:subject:cc:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=MN5eP9FJ0SslfYclN1BYH4z9hbCzJ4NKm74HIldqCbM=; b=Hu2CwPbxfc7MXXG1vvd/EJ0lHIv4NYj12B4tufeBgM28ViTlc6d6hkxmxJy1R0SOkw q1ap9/6azx4LQOZWTu5ML/uZhey+IknTqcejWtzCIAicnNSziWkaiZdHoT1FN5HVO/Ia ZCfhP7zQW+KkVeAvq/q5k7ogmT48MCU3eLAcXIT8FH/LSadL/q8YYQQgT0gvrTbyRW3C pDbnXELJGWKpEqA7hMIrvVpi8purUR6XG6JRijYZP4f0a7xVbuYr6WX/huXJAzGMkIBK SLjhYlTNtTtfNPUrkCBiI+njsQ4ZErwSBxXUm4eB+C0ZxH5McPc5DAj3VnYjhhaP5dyJ dAXw== X-Forwarded-Encrypted: i=1; AJvYcCXK75dpaesjTk0cheJuCw5Q2N8r4/MQSbOdVYCi+HmHVklGCHwoRqGdygxWz4kJhDsQO62TAtUMNVgcAHVm@lists.postgresql.org X-Gm-Message-State: AOJu0YxOwkY7QMAbPE53Z6+RjBO0DclsAcq1914u2ztIQdWySJouBfZs Y/K04qW2i8LIC/lkt4SB8ozZXa+sxDFD64coRpEQ8SQVcy704TDTxR93H4mwm/PZxhM= X-Gm-Gg: AY/fxX5oxJI5UM0tMIt4+fAGAWKqfxJku18aCGRvk1fzX21pvko7NEXzAoTd3JFrQoo 8skKmWGEWeiQ/E/iP5SLo8Mqi/+XkFcPpxzp+6RXe6VYWF6xJod3u5leIxPbdK0iNI1yRDT3sBs mKukm6wMqafdAd6y5qeMiAgc3Xk1ETuhN/OVf0GSyNw0cyOm2GS0iIVuoJ9w9GGF9eK8CutHaie l/eh7rFaPb7I6heCel8FHHmX0Slp7URa30qV19uBEk014gGilYNkpN69jH+d4TybrFbRFfCb4bs /O4NAruxB7DSVbCEuzznasNpccC41EWFvrCSpWRrWk+p/EElPyb0AZ3dHSOMEVx0z3JFGXzWGSn vT2Lb6o+3DX4jDsyjNeopMRfr5X0k991d40EgWEXBs/sQg8/Mgb6PNEZ81M3TNam/iqc1oO1Puo guxJU0MioRiH6NmhE5tWEQwmXy X-Google-Smtp-Source: AGHT+IGm9xdsfb/Zdl+wAtvSJm9lL9YFc6Y1iaZ60mlXfNs9KhMz9C3sngQfFhiMCE1l9k7nTQDQsg== X-Received: by 2002:a05:600c:3541:b0:477:9fa0:7495 with SMTP id 5b1f17b1804b1-47d848787e3mr126262885e9.14.1767966999074; Fri, 09 Jan 2026 05:56:39 -0800 (PST) Received: from localhost (109-81-168-246.rct.o2.cz. [109.81.168.246]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47d86372c92sm71550375e9.0.2026.01.09.05.56.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Jan 2026 05:56:38 -0800 (PST) From: Antonin Houska To: Greg Sabino Mullane cc: Tom Lane , "pgsql-hackers@lists.postgresql.org" Subject: Re: POC: Carefully exposing information without authentication In-reply-to: References: <21076.1748617331@localhost> <2724612.1748655287@sss.pgh.pa.us> Comments: In-reply-to Greg Sabino Mullane message dated "Thu, 23 Oct 2025 05:57:19 -0400." X-Mailer: MH-E 8.6+git; nmh 1.8; GNU Emacs 28.3 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <11893.1767966998.1@localhost> Date: Fri, 09 Jan 2026 14:56:38 +0100 Message-ID: <11894.1767966998@localhost> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Greg Sabino Mullane wrote: > Version 4 attached, rebased to account for new tests, plus a new instra-test > check to make sure LWP::UserAgent is available before running. I'm still not sure it's necessary to handle the problem at socket level. I imagine it can be implemented this way: 1. Add a new field to the PGconn structure, indicating that the client is only requesting the server status information, and adjust pg_isready so it sets this option. 2. Adjust libpq frontend (pqBuildStartupPacket3) so it adds the corresponding option to the startup packet. 3. On server, if ProcessStartupPacket() sees that option, call ereport(FATAL) with a specific error code, and let the appropriate GUCs control the contents of the error message. pg_isready would then just print out the message. I haven't tried to write any code, so it's possible that I'm missing something. Regarding configuration, I'd prefer a single GUC. The value can be a comma-separated list of keywords, each representing particular piece of information to be exposed. -- Antonin Houska Web: https://www.cybertec-postgresql.com