On Wed, 14 Feb 2007, Peter Eisentraut wrote:
> By installing functions or operators with appropriate signatures in
> other schemas, users can then redirect any function or operator
> call in the function code to implementations of their choice
> [snip]
> The proper fix for this problem is to insert explicit SET search_path
> commands into each affected function to produce a known safe schema
> search path.
This fix is not enough in certain common configurations. I've sent a
proof of concept to security<at>postgresql.org, but I won't disclose
it before I'm allowed to by security team.
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh