Hi,
Since writing SECURITY DEFINER functions securely requires annoying
incantations[1], wouldn't it be nice if we provided a way for the superuser
to override the default search path via a GUC in postgresql.conf? That way
you can set search_path if you want to override the default, but if you
leave it out you're not vulnerable, assuming security_definer_search_path
only contains secure schemas.
.m