From: | "Heinemann, Manfred (IMS)" <HeinemannM(at)imsweb(dot)com> |
---|---|
To: | "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
Subject: | Function search_path |
Date: | 2018-03-14 19:18:22 |
Message-ID: | db194d98f61d4aa398c1399a24326e7c@THALASSA.omni.imsweb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
We recently started upgrading to Postgres 10.3 and have run into trouble with the security change to search_path.
The release notes say:
In cases where user-provided functions are indirectly executed by these programs - for example, user-provided functions in index expressions - the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058)
We have this issue with a custom function that calls other custom functions and that function is used in a functional index. Now autoanalyze and autovacuum fail on tables with those indices.
The simplest fix seemed to be to set the functions search_path to '$user' but that has caused large updates to the indexed table to run out of memory.
Hardcoding the schema in the function would mean having to have separate functions for each schema affected. It also seems to make the function less memory efficient.
Are there other options?
Thanks,
Manfred
________________________________
Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.
From | Date | Subject | |
---|---|---|---|
Next Message | Fabio Pardi | 2018-03-15 09:30:22 | Re: Function search_path |
Previous Message | Ricardo Martin Gomez | 2018-03-14 10:32:18 | RE: Permission issues. Please help |