Quick Links

Re: Failed assertion due to procedure created with SECURITY DEFINER option

From:	Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To:	amul sul <sulamul(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Failed assertion due to procedure created with SECURITY DEFINER option
Date:	2018-06-29 11:56:12
Message-ID:	14665d35-0420-dc6c-bbd4-ce07fcd2189b@2ndquadrant.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 6/29/18 13:07, amul sul wrote:
> This happens because of in fmgr_security_definer() function we are
> changing global variable SecurityRestrictionContext and in the
> StartTransaction() insisting it should be zero, which is the problem.

Hmm, what is the reason for this insistation?

We could work around this for now by prohibiting transaction commands in
security definer procedures, similar to what we do in procedures with
GUC settings attached.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to

Failed assertion due to procedure created with SECURITY DEFINER option at 2018-06-29 11:07:46 from amul sul

Responses

Re: Failed assertion due to procedure created with SECURITY DEFINER option at 2018-06-29 17:19:17 from Andres Freund
Re: Failed assertion due to procedure created with SECURITY DEFINER option at 2018-07-03 10:58:30 from amul sul

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter Eisentraut	2018-06-29 12:04:07	Re: Tips on committing
Previous Message	Peter Eisentraut	2018-06-29 11:52:23	Re: assert in nested SQL procedure call in current HEAD