From: | amul sul <sulamul(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Failed assertion due to procedure created with SECURITY DEFINER option |
Date: | 2018-07-03 10:58:30 |
Message-ID: | CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5=rF6_w=pq_T=Q@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Jun 29, 2018 at 5:26 PM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
>
> On 6/29/18 13:07, amul sul wrote:
> > This happens because of in fmgr_security_definer() function we are
> > changing global variable SecurityRestrictionContext and in the
> > StartTransaction() insisting it should be zero, which is the problem.
>
> Hmm, what is the reason for this insistation?
>
> We could work around this for now by prohibiting transaction commands in
> security definer procedures, similar to what we do in procedures with
> GUC settings attached.
>
I am not sure that I have understood this, apologies. Do you mean by
the following case:
postgres=# CREATE PROCEDURE transaction_test1() LANGUAGE plpgsql
SECURITY DEFINER SET work_mem to '16MB'
AS $$ BEGIN
COMMIT;
END $$;
CREATE PROCEDURE
postgres=# CALL transaction_test1();
ERROR: invalid transaction termination
CONTEXT: PL/pgSQL function transaction_test1() line 2 at COMMIT
Thanks.
Regards,
Amul
From | Date | Subject | |
---|---|---|---|
Next Message | David Rowley | 2018-07-03 11:16:55 | Re: pgsql: Clarify use of temporary tables within partition trees |
Previous Message | Amit Kapila | 2018-07-03 10:48:13 | Re: Explain buffers wrong counter with parallel plans |