This probably goes without saying but I wanted to log it for reference: Restoring an untrusted PostgreSQL raw data (base) dump is not safe!
Besides the obvious reason (stored procedures that could run arbitrary untrusted code), the server trusts the binary data files and will go out of bounds and access arbitrary memory if they are corrupted/inconsistent.
I don't think this is really a vulnerability or anything worth worrying about, it should just be known/documented (that if you need to restore a raw data dump from someone else, you should make sure the postgres daemon is sandboxed). This does not apply to SQL dumps, only the raw cluster data directory.
Mentioning this because I helped debug a crashing server due to a corrupted DB and confirmed the code makes data integrity assumptions ^^
Asahi Lina (朝日リナ) /
npub14w…zuequ
2025-03-25 16:33:43
Author Public Key
npub14w78207els8vs5fxduhhval0r9zgujpf2khcqyfuhmkt2tlyvcyq2zuequPublished at
2025-03-25 16:33:43Event JSON
{
"id": "9bb166244708ccbf21d4ba95d64adcd5c95a2e54a205e3952dce9add30ce1cb0",
"pubkey": "abbc753fd9fc0ec851266f2f7677ef19448e482955af80113cbeecb52fe46608",
"created_at": 1742920423,
"kind": 1,
"tags": [
[
"proxy",
"https://vt.social/users/lina/statuses/114224032853927968",
"activitypub"
]
],
"content": "This probably goes without saying but I wanted to log it for reference: Restoring an untrusted PostgreSQL raw data (base) dump is not safe! \n\nBesides the obvious reason (stored procedures that could run arbitrary untrusted code), the server trusts the binary data files and will go out of bounds and access arbitrary memory if they are corrupted/inconsistent.\n\nI don't think this is really a vulnerability or anything worth worrying about, it should just be known/documented (that if you need to restore a raw data dump from someone else, you should make sure the postgres daemon is sandboxed). This does not apply to SQL dumps, only the raw cluster data directory.\n\nMentioning this because I helped debug a crashing server due to a corrupted DB and confirmed the code makes data integrity assumptions ^^",
"sig": "cadcafd2f2843bd3994f58e1e92ce8b3ac4a75fa20e19210e5ddc5015214c4609680e41d9250bf7769edb8c23fc402eb9132506ad2daf915d51e1c92e42874e7"
}