| From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "'Tom Lane *EXTERN*'" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "'pgsql-hackers(at)postgresql(dot)org'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Documentation fix for CREATE FUNCTION |
| Date: | 2016-07-15 11:46:59 |
| Message-ID: | A737B7A37273E048B164557ADEF4A58B5386D882@ntex2010i.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
>> I just noticed that the documentation for CREATE FUNCTION still mentions
>> that the temporary namespace is searched for functions even though that
>> has been removed with commit aa27977.
>
> The example you propose to correct was introduced by that same commit,
> which should make you think twice about whether it really was invalidated
> by that commit.
Yes, I wondered about that.
> I believe the reason for forcing pg_temp to the back of the path is to
> prevent unqualified table names from being captured by pg_temp entries.
> This risk exists despite the rule against searching pg_temp for functions
> or operators. A maliciously named temp table could at least prevent
> a security definer function from doing what it was supposed to, and
> could probably hijack control entirely via triggers or rules.
>
> Possibly the documentation should be more explicit about why this is
> being done, but the example code is good as-is.
Maybe something like the attached would keep people like me from
misunderstanding this.
Yours,
Laurenz Albe
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Improve-example-in-CREATE-FUNCTION-documentation.patch | application/octet-stream | 1.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | AMatveev | 2016-07-15 11:55:20 | Re: One process per session lack of sharing |
| Previous Message | AMatveev | 2016-07-15 11:25:20 | Re: One process per session lack of sharing |