| From: | "Joel Jacobson" <joel(at)compiler(dot)org> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: security_definer_search_path GUC |
| Date: | 2021-05-29 20:05:34 |
| Message-ID: | ad0b35af-edc9-4240-9d62-6073480f450f@www.fastmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Glad you bring this problem up for discussion, something should be done to improve the situation.
Personally, as I really dislike search_path and consider using it an anti-pattern.
I would rather prefer a GUC to hard-code search_path to a constant default value of just ‘public’ that cannot be changed by anyone or any function. Trying to change it to a different value would raise an exception.
This would work for me since I always fully-qualify all objects except the ones in public.
/Joel
On Thu, May 27, 2021, at 13:23, Marko Tiikkaja wrote:
> Hi,
>
> Since writing SECURITY DEFINER functions securely requires annoying incantations[1], wouldn't it be nice if we provided a way for the superuser to override the default search path via a GUC in postgresql.conf? That way you can set search_path if you want to override the default, but if you leave it out you're not vulnerable, assuming security_definer_search_path only contains secure schemas.
>
>
> .m
Kind regards,
Joel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marko Tiikkaja | 2021-05-29 20:10:44 | Re: security_definer_search_path GUC |
| Previous Message | Justin Pryzby | 2021-05-29 19:23:21 | Re: fdatasync performance problem with large number of DB files |