Re: Fixing insecure security definer functions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Fixing insecure security definer functions
Date: 2007-05-29 02:45:28
Message-ID: 24792.1180406728@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> It would be useful to have a function which could be passed a relative
> (to the caller's search path) object name and would return the fully
> qualified name of that object. In this way, functions could be written
> which take relative arguments from the user but *only* those explicitly
> checked for.

Your example doesn't seem to be doing anything interesting ... am I
misunderstanding, or did you omit the actual checking? Also, if the
search path is controlled by the function, what good is this ---
wouldn't it always result in a trusted schema?

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tatsuo Ishii 2007-05-29 02:49:00 Re: What is the maximum encoding-conversion growth rate, anyway?
Previous Message Stephen Frost 2007-05-29 02:38:51 Re: Fixing insecure security definer functions