From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Noah Misch <noah(at)leadboat(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pgsql: Fix search_path to a safe value during maintenance operations. |
Date: | 2023-06-29 19:08:35 |
Message-ID: | 94da5be0-a2e8-8e22-d170-012410e7c9a3@dunslane.net |
Lists: | pgsql-committers pgsql-hackers |
On 2023-06-29 Th 11:19, Robert Haas wrote:
>
> Now we're proposing to ship a brand-new feature with a hole that we
> definitely already know exists. I can't understand that at all. Should
> we just go file the CVE against ourselves right now, then? Seriously,
> what are we doing?
>
> If we're not going to fix the feature so that it doesn't break the
> security model, we should probably just revert it. I don't understand
> at all the idea of shipping something that we 100% know is broken.
>
>
+1
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com