| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
| Subject: | Converting built-in SQL functions to new style |
| Date: | 2021-04-15 23:25:39 |
| Message-ID: | 3956760.1618529139@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
[ moving this to a new thread so as not to confuse the cfbot ]
I wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>> Is there anything else we should be doing along the eat your own dogfood
>> line that don't have these security implications?
> We can still convert the initdb-created SQL functions to new style,
> since there's no security threat during initdb. I'll make a patch
> for that soon.
Here's a draft patch that converts all the built-in and information_schema
SQL functions to new style, except for half a dozen that cannot be
converted because they use polymorphic arguments.
Leaving that remaining half-a-dozen as old style seems okay from a
security standpoint, because they are few enough and simple enough
that it's no big notational headache to make their source text 100%
search-path-proof. I've inserted OPERATOR() notation where necessary
to make them bulletproof.
Also worth a comment perhaps is that for the functions that are being
converted, I replaced the prosrc text in pg_proc.dat with "see
system_views.sql". I think this might reduce confusion by making
it clear that these are not the operative definitions.
One thing this patch does that's not strictly within the charter
is to give the two forms of ts_debug() pg_proc.dat entries, just
so they are more like their new neighbors. This means they'll be
pinned where before they were not, but that seems desirable to me.
I'm pretty confident the conversion is accurate, because I used \sf
to generate the text for the replacement definitions. So I think
this is committable, though review is welcome.
One thing I was wondering about, but did not pull the trigger on
here, is whether to split off the function-related stuff in
system_views.sql into a new file "system_functions.sql", as has
long been speculated about by the comments in system_views.sql.
I think it is time to do this because
(a) The function stuff now amounts to a full third of the file.
(b) While the views made by system_views.sql are intentionally
not pinned, the function-related commands are messing with
pre-existing objects that *are* pinned. This seems quite
confusing to me, and it might interfere with the intention that
you could reload the system view definitions using this file.
Thoughts?
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| convert-builtin-sql-functions-to-new-style-1.patch | text/x-diff | 35.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2021-04-15 23:48:12 | Re: Replacing pg_depend PIN entries with a fixed range check |
| Previous Message | Thomas Munro | 2021-04-15 22:45:46 | Re: Collation versioning |