Explicitly unset search path when connecting to database

configdata.c

@@ -875,6 +875,15 @@ struct ConfigFileSetting config_file_settings[] =
 		{},
 		{}
 	},
+	{
+		"connection_check_query",
+		CONFIG_STRING,
+		{ .strptr = config_file_options.connection_check_query },
+		{ .strdefault = "SELECT 1" },
+		{},
+		{ .strmaxlen = sizeof(config_file_options.connection_check_query) },
+		{}
+	},
 	/* End-of-list marker */
 	{
 		NULL, CONFIG_INT, {}, {}, {}, {}, {}

configfile.h

@@ -238,6 +238,7 @@ typedef struct
 
 	/* undocumented test settings */
 	int			promote_delay;
+	char		connection_check_query[MAXLEN];
 } t_configuration_options;
 
 

dbutils.c

@@ -153,6 +153,9 @@ _establish_db_connection(const char *conninfo, const bool exit_on_error, const b
 	if (param_get(&conninfo_params, "replication") != NULL)
 		is_replication_connection = true;
 
+	/* use a secure search_path */
+	param_set(&conninfo_params, "options", "-csearch_path=");
+
 	connection_string = param_list_to_string(&conninfo_params);
 
 	log_debug(_("connecting to: \"%s\""), connection_string);
@@ -303,6 +306,9 @@ establish_db_connection_by_params(t_conninfo_param_list *param_list,
 	param_set_ine(param_list, "connect_timeout", "2");
 	param_set_ine(param_list, "fallback_application_name", "repmgr");
 
+	/* use a secure search_path */
+	param_set(param_list, "options", "-csearch_path=");
+
 	/* Connect to the database using the provided parameters */
 	conn = PQconnectdbParams((const char **) param_list->keywords, (const char **) param_list->values, true);
 

repmgrd-physical.c

@@ -3212,6 +3212,8 @@ update_monitoring_history(void)
 
 	INSTR_TIME_SET_CURRENT(last_monitoring_update);
 
+	log_verbose(LOG_DEBUG, "update_monitoring_history(): monitoring history update sent");
+
 	return true;
 }
 

repmgrd.c

@@ -831,6 +831,9 @@ check_upstream_connection(PGconn **conn, const char *conninfo, PGconn **paired_c
 		}
 		else if (config_file_options.connection_check_type == CHECK_CONNECTION)
 		{
+			/*
+			 * This connection is thrown away, and we never execute a query on it.
+			 */
 			PGconn *test_conn = PQconnectdb(conninfo);
 
 			log_debug("check_upstream_connection(): attempting to connect to \"%s\"", conninfo);
@@ -858,7 +861,7 @@ check_upstream_connection(PGconn **conn, const char *conninfo, PGconn **paired_c
 		log_notice(_("upstream is available but upstream connection has gone away, resetting"));
 
 		PQfinish(*conn);
-		*conn = PQconnectdb(conninfo);
+		*conn = establish_db_connection_quiet(conninfo);
 
 		if (PQstatus(*conn) == CONNECTION_OK)
 		{
@@ -881,9 +884,10 @@ check_upstream_connection(PGconn **conn, const char *conninfo, PGconn **paired_c
 			log_debug("check_upstream_connection(): upstream connection has gone away, resetting");
 			if (twice)
 				return false;
+
 			/* reconnect */
 			PQfinish(*conn);
-			*conn = PQconnectdb(conninfo);
+			*conn = establish_db_connection_quiet(conninfo);
 
 			if (paired_conn != NULL)
 			{
@@ -901,7 +905,7 @@ check_upstream_connection(PGconn **conn, const char *conninfo, PGconn **paired_c
 				goto failed;
 
 			/* execute a simple query to verify connection availability */
-			if (PQsendQuery(*conn, "SELECT 1") == 0)
+			if (PQsendQuery(*conn, config_file_options.connection_check_query) == 0)
 			{
 				log_warning(_("unable to send query to upstream"));
 				log_detail("%s", PQerrorMessage(*conn));
@@ -920,8 +924,9 @@ check_upstream_connection(PGconn **conn, const char *conninfo, PGconn **paired_c
 
 			/* reconnect */
 			log_debug("check_upstream_connection(): upstream connection not available, resetting");
+
 			PQfinish(*conn);
-			*conn = PQconnectdb(conninfo);
+			*conn = establish_db_connection_quiet(conninfo);
 
 			if (paired_conn != NULL)
 			{