| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
| Cc: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>, John H <johnhyvr(at)gmail(dot)com>, Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
| Date: | 2024-07-15 20:04:53 |
| Message-ID: | CA+TgmoZTgq0=pg9wJY+iQXz9pLS0COSuN_ZwJfgs4r_tCN17sg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jul 15, 2024 at 2:33 PM Jeff Davis <pgsql(at)j-davis(dot)com> wrote:
> On Mon, 2024-07-15 at 13:44 -0400, Robert Haas wrote:
> > But ... why? I mean, what's the point of prohibiting that?
>
> Agreed. We ignore all kinds of stuff in search_path that doesn't make
> sense, like non-existent schemas. Simpler is better.
Oh, I had the opposite idea: I wasn't proposing ignoring it. I was
proposing making it work.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2024-07-15 20:10:15 | Re: Add a GUC check hook to ensure summarize_wal cannot be enabled when wal_level is minimal |
| Previous Message | Robert Haas | 2024-07-15 20:03:13 | Re: Add a GUC check hook to ensure summarize_wal cannot be enabled when wal_level is minimal |