From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
Subject: | Re: Converting contrib SQL functions to new style |
Date: | 2021-04-14 03:11:13 |
Message-ID: | 3441172.1618369873@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Noah Misch <noah(at)leadboat(dot)com> writes:
> On Tue, Apr 13, 2021 at 06:26:34PM -0400, Tom Lane wrote:
>> Attached are some draft patches to convert almost all of the
>> contrib modules' SQL functions to use SQL-standard function bodies.
>> The point of this is to remove the residual search_path security
>> hazards that we couldn't fix in commits 7eeb1d986 et al. Since
>> a SQL-style function body is fully parsed at creation time,
>> its object references are not subject to capture by the run-time
>> search path.
> Are there any inexact matches in those function/operator calls? Will that
> matter more or less than it does today?
I can't claim to have looked closely for inexact matches. It should
matter less than today, since there's a hazard only during creation
(with a somewhat-controlled search path) and not during use. But
that doesn't automatically eliminate the issue.
>> I'd like to propose squeezing these changes into v14, even though
>> we're past feature freeze. Reason one is that this is less a
>> new feature than a security fix; reason two is that this provides
>> some non-artificial test coverage for the SQL-function-body feature.
> Dogfooding like this is good. What about the SQL-language functions that
> initdb creates?
Hadn't thought about those, but converting them seems like a good idea.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Bharath Rupireddy | 2021-04-14 03:54:02 | Re: TRUNCATE on foreign table |
Previous Message | Amit Langote | 2021-04-14 03:06:56 | Re: ModifyTable overheads in generic plans |