| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Brendan Jurd" <direvus(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Per-function search_path => per-function GUC settings |
| Date: | 2007-09-01 17:55:06 |
| Message-ID: | 22560.1188669306@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Brendan Jurd" <direvus(at)gmail(dot)com> writes:
> CREATE FUNCTION foo(int) RETURNS int AS $$
> ...
> $$
> LANGUAGE plpgsql
> STABLE
> STRICT
> SECURITY DEFINER
> RESET search_path
> SET regex_flavor = 'cinnamon';
> That doesn't seem especially horrible. In what way do you feel it is
> inconsistent with existing syntax?
Hmm ... I hadn't thought of including SET in the syntax, so I was
running into problems with distingushing GUC variable names from the
keywords that are already in the syntax. That way would work from a
grammar point of view. It still seems a bit inconsistent to me, but
we could live with it. Comments anyone?
> And ... although I'll admit this is a paranoid thing to mention, if
> you have to fix the search_path setting *after* creating a function as
> SECURITY DEFINER, then there is necessarily a short period of time
> where the function exists and is insecure.
You already have that issue with respect to the default public execute
permissions on the function. The standard solution is to do it in a
transaction block --- then no one can even see the function until you
commit.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-09-01 18:05:50 | Re: Per-function search_path => per-function GUC settings |
| Previous Message | Gregory Stark | 2007-09-01 17:48:55 | Re: Per-function search_path => per-function GUC settings |