On Thu, 21 Sept 2023 at 13:45, Ryoga Yoshida <bt23yoshi...@oss.nttdata.com> wrote: > When --buffer-usage-limit option is specified, vacuumdb issues VACUUM or > VACUUM ANALYZE command with BUFFER_USAGE_LIMIT option. Also if > --buffer-usage-limit and -Z options are specified, vacuumdb should issue > ANALYZE command with BUFFER_USAGE_LIMIT option. But it does not. That > is, vacuumdb -Z seems to fail to handle --buffer-usage-limit option. > This seems a bug. > > You can see my patch in the attached file and how it works by adding -e > option in vacuumdb.
Thanks for the report and the patch. I agree this has been overlooked. I also wonder if we should be escaping the buffer-usage-limit string sent in the comment. It seems quite an unlikely attack vector, as the user would have command line access and could likely just use psql anyway, but I had thought about something along the lines of: $ vacuumdb --buffer-usage-limit "1MB'); drop database postgres;--" postgres vacuumdb: vacuuming database "postgres" vacuumdb: error: processing of database "postgres" failed: ERROR: VACUUM cannot run inside a transaction block seems that won't work, due to sending multiple commands at once, but I think we should fix it anyway. David
