| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Fixing insecure security definer functions |
| Date: | 2007-05-29 03:19:26 |
| Message-ID: | 25183.1180408766@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> The 'special' bit here is that pg_getfullpath() would work relative to
> the caller's search_path even inside of a function which has its 'PATH'
> set.
Eeek. *Which* caller's search_path? The string you're handed might've
come from multiple levels up.
There might be some point in allowing the caller itself to fully qualify
the name (before passing it down) with more ease than now. We have
regclass and so forth, but those make a point of stripping schema
qualification when it's "unnecessary" according to the current search
path. And yet on the third hand --- how often would it be the case that
this was an issue and yet the caller doesn't know which schema it has in
mind?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2007-05-29 03:28:42 | Re: Fixing insecure security definer functions |
| Previous Message | Stephen Frost | 2007-05-29 02:55:33 | Re: Fixing insecure security definer functions |