Empty search_path in Autovacuum and non-psql/pgbench clients.

[postgresql] / src / bin / pg_basebackup / streamutil.c

diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c
index c88cede167600b1f99952f928be4aa1308001010..296b1888aad729993f77d12778748e82c4b8d268 100644 (file)
--- a/src/bin/pg_basebackup/streamutil.c
+++ b/src/bin/pg_basebackup/streamutil.c
@@ -24,6 +24,7 @@
 #include "access/xlog_internal.h"
 #include "common/fe_memutils.h"
 #include "datatype/timestamp.h"
+#include "fe_utils/connect.h"
 #include "port/pg_bswap.h"
 #include "pqexpbuffer.h"
 
@@ -208,6 +209,23 @@ GetConnection(void)
        if (conn_opts)
                PQconninfoFree(conn_opts);
 
+       /* Set always-secure search path, so malicious users can't get control. */
+       if (dbname != NULL)
+       {
+               PGresult   *res;
+
+               res = PQexec(tmpconn, ALWAYS_SECURE_SEARCH_PATH_SQL);
+               if (PQresultStatus(res) != PGRES_TUPLES_OK)
+               {
+                       fprintf(stderr, _("%s: could not clear search_path: %s\n"),
+                                       progname, PQerrorMessage(tmpconn));
+                       PQclear(res);
+                       PQfinish(tmpconn);
+                       exit(1);
+               }
+               PQclear(res);
+       }
+
        /*
         * Ensure we have the same value of integer_datetimes (now always "on") as
         * the server we are connecting to.