Function search_path

From: "Heinemann, Manfred (IMS)" <HeinemannM(at)imsweb(dot)com>
To: "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Function search_path
Date: 2018-03-14 19:18:22
Message-ID: db194d98f61d4aa398c1399a24326e7c@THALASSA.omni.imsweb.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

We recently started upgrading to Postgres 10.3 and have run into trouble with the security change to search_path.

The release notes say:
In cases where user-provided functions are indirectly executed by these programs - for example, user-provided functions in index expressions - the tighter search_path may result in errors, which will need to be corrected by adjusting those user-provided functions to not assume anything about what search path they are invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058)

We have this issue with a custom function that calls other custom functions and that function is used in a functional index. Now autoanalyze and autovacuum fail on tables with those indices.

The simplest fix seemed to be to set the functions search_path to '$user' but that has caused large updates to the indexed table to run out of memory.

Hardcoding the schema in the function would mean having to have separate functions for each schema affected. It also seems to make the function less memory efficient.

Are there other options?

Thanks,
Manfred

________________________________

Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Fabio Pardi 2018-03-15 09:30:22 Re: Function search_path
Previous Message Ricardo Martin Gomez 2018-03-14 10:32:18 RE: Permission issues. Please help