| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Prohibit transaction commands in security definer procedures |
| Date: | 2018-07-13 08:45:30 |
| Message-ID: | E1fdthi-0001vI-8c@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Prohibit transaction commands in security definer procedures
Starting and aborting transactions in security definer procedures
doesn't work. StartTransaction() insists that the security context
stack is empty, so this would currently cause a crash, and
AbortTransaction() resets it. This could be made to work by
reorganizing the code, but right now we just prohibit it.
Reported-by: amul sul <sulamul(at)gmail(dot)com>
Discussion: https://www.postgresql.org/message-id/flat/CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5%3DrF6_w%3Dpq_T%3DQ%40mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/3884072329bd1ad7d41bf7582c5d60e969365634
Modified Files
--------------
doc/src/sgml/ref/create_procedure.sgml | 6 ++++++
src/backend/commands/functioncmds.c | 9 +++++++++
src/pl/plpgsql/src/expected/plpgsql_transaction.out | 12 ++++++++++++
src/pl/plpgsql/src/sql/plpgsql_transaction.sql | 13 +++++++++++++
4 files changed, 40 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2018-07-13 15:17:12 | pgsql: docs: Remove "New" description of the libpqxx interface |
| Previous Message | Peter Eisentraut | 2018-07-13 08:08:05 | pgsql: Remove obsolete documentation build tools for Windows |