| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Ronan Dunklau <ronan(dot)dunklau(at)aiven(dot)io>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)lists(dot)postgresql(dot)org, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
| Subject: | Re: Converting contrib SQL functions to new style |
| Date: | 2025-01-06 19:04:28 |
| Message-ID: | 20250106190428.ec.nmisch@google.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Nov 12, 2024 at 05:30:30PM +0900, Michael Paquier wrote:
> 0004 for pg_freespace is fine regarding that for example as we have
> calls of pg_freespace(regclass) in its sql/. I've applied it to begin
> with something.
That commit (3f323eb) contains a generate_series(int, bigint) call. Following
https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
is enough in v17, but it wouldn't be enough after that commit. An attacker
can achieve persistent capture of the inexact call:
set search_path = pg_catalog;
create or replace function public.generate_series(int, bigint) returns bigint
language plpgsql as $$
BEGIN
RAISE NOTICE 'owned';
RETURN 0;
END
$$;
create extension pg_freespacemap schema public;
select public.pg_freespace(0);
\sf public.pg_freespace(regclass)
Per postgr.es/m/3489827.1618411777@sss.pgh.pa.us and
postgr.es/m/1471865.1734212070@sss.pgh.pa.us one requirement for migrating to
SQL-standard function bodies is removing these inexact-match function and
operator calls. Here, one could either write pg_catalog.generate_series or
make the argument types match exactly.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2025-01-06 19:10:12 | Re: Re: proposal: schema variables |
| Previous Message | Noah Misch | 2025-01-06 18:52:20 | Re: AIO v2.2 |