| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <jdavis(at)postgresql(dot)org>, pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pgsql: Fix search_path to a safe value during maintenance operations. |
| Date: | 2023-06-13 00:20:47 |
| Message-ID: | 2985f969b292258ca007e9916839e2d07359ec15.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Mon, 2023-06-12 at 13:33 -0400, Robert Haas wrote:
> I wonder why this commit used pg_catalog, pg_temp rather than just
> the
> empty string, as AutoVacWorkerMain does.
I followed the rules here for "Writing SECURITY DEFINER Functions
Safely":
https://www.postgresql.org/docs/16/sql-createfunction.html
which suggests adding pg_temp at the end (otherwise it is searched
first by default).
It's not exactly like a SECURITY DEFINER function, but running a
maintenance command does switch to the table owner, so the risks are
similar.
I don't see a problem with the pg_temp schema in non-interactive
processes, because we trust the non-interactive processes.
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2023-06-13 00:39:40 | Re: pgsql: Fix search_path to a safe value during maintenance operations. |
| Previous Message | Robert Haas | 2023-06-12 17:33:45 | Re: pgsql: Fix search_path to a safe value during maintenance operations. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-06-13 00:26:45 | Re: Shouldn't construct_array_builtin and deconstruct_array_builtin agree on types? |
| Previous Message | Michael Paquier | 2023-06-13 00:16:07 | Re: query_id, pg_stat_activity, extended query protocol |