| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
| Cc: | Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
| Date: | 2024-06-06 16:53:19 |
| Message-ID: | b84e64d4c3e50a727b2f9b7f1d61dbfd35c9e636.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 2024-06-06 at 21:17 +0530, Ashutosh Sharma wrote:
> That can be controlled via some GUC if needed, I guess.
That's a possibility, but it's easy to create a mess that way. I don't
necessarily oppose it, but we'd need some pretty strong agreement that
we are somehow moving users in a better direction and not just creating
two behaviors that last forever.
I also think there should be a way to explicitly request the old
behavior -- obtaining search_path from the session -- regardless of how
the GUC is set.
> I didn't get you completely here. w.r.t extensions how will this have
> an impact if we set the search_path for definer functions.
If we only set the search path for SECURITY DEFINER functions, I don't
think that solves the whole problem.
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Isaac Morland | 2024-06-06 18:09:55 | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
| Previous Message | Robert Haas | 2024-06-06 16:36:32 | Re: Assert in heapgettup_pagemode() fails due to underlying buffer change |