From cf1478982cbe5637f0e78f88a28bf5d8ecfb389f Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sat, 22 May 1999 17:47:54 +0000
Subject: Modify backend switch parsing to prevent 'insecure' switches from
 being accepted when they are passed from client connection request. Get rid
 of a couple that no longer do anything (like -P).

---
 src/backend/utils/misc/trace.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/backend/utils/misc/trace.c')

diff --git a/src/backend/utils/misc/trace.c b/src/backend/utils/misc/trace.c
index 1f96065c9ef..871e1d436a0 100644
--- a/src/backend/utils/misc/trace.c
+++ b/src/backend/utils/misc/trace.c
@@ -257,9 +257,13 @@ set_option_flag(int flag, int value)
 /*
  * Parse an option string like "name,name+,name-,name=value".
  * Single options are delimited by ',',space,tab,newline or cr.
+ *
+ * If 'secure' is false, the option string came from a remote client via
+ * connection "debug options" field --- do not obey any requests that
+ * might potentially be security loopholes.
  */
 void
-parse_options(char *str)
+parse_options(char *str, bool secure)
 {
 	char	   *s,
 			   *name;
@@ -384,7 +388,7 @@ read_pg_options(SIGNAL_ARGS)
 			p--;
 		*p = '\0';
 		verbose = pg_options[TRACE_VERBOSE];
-		parse_options(buffer);
+		parse_options(buffer, true);
 		verbose |= pg_options[TRACE_VERBOSE];
 		if (verbose || postgres_signal_arg == SIGHUP)
 			tprintf(TRACE_ALL, "read_pg_options: %s", buffer);
-- 
cgit v1.2.3