| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | "Igal (at) Lucee(dot)org" <igal(at)lucee(dot)org>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: pg_dump and search_path |
| Date: | 2019-07-09 07:22:14 |
| Message-ID: | 6e3e7900f9d470c6927112818c0aec59e1f91ac8.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 2019-07-08 at 23:54 -0700, Igal @ Lucee.org wrote:
> > I have a custom search_path:
> >
> > # show search_path;
> > search_path
> > ----------------------------------
> > "staging, transient, pg_catalog"
> > (1 row)
> >
> > I ran `pg_dump --schema-only` and the only reference in the output to
> > search_path is:
> >
> > SELECT pg_catalog.set_config('search_path', '', false);
> >
> > Then one of my functions which does not reference the full name of a
> > table with its schema fails with "relation [rel-name] does not exist".
> >
> > Is that a bug? I have seen some old posts about this issue but am not
> > sure if there is a ticket or why it still is an issue.
> >
> Looks like this might be by design. I will follow the links at
> https://www.postgresql.org/message-id/flat/MWHPR14MB160079A6D9DC64A2F60E9004C0D00%40MWHPR14MB1600.namprd14.prod.outlook.com
> and ask more questions if I have them.
>
> I might need to add the schema name to the table in my function.
Right.
Allowing object lookup along the search_path during pg_restore opens
doors to abuse, because it can make a superuser inadvertedly execute
code crafted by an attacker.
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrey Sychev | 2019-07-09 08:06:09 | Re: Error: rows returned by function are not all of the same row type |
| Previous Message | Igal @ Lucee.org | 2019-07-09 06:54:25 | Re: pg_dump and search_path |