Re: security_definer_search_path GUC - Mailing list pgsql-hackers

From Julien Rouhaud
Subject Re: security_definer_search_path GUC
Date
Msg-id 20210602165831.ujuxt7e7fgv3vkdx@nol
In response to Re: security_definer_search_path GUC  ("Joel Jacobson" <joel@compiler.org>)
List pgsql-hackers
On Wed, Jun 02, 2021 at 02:46:08PM +0200, Joel Jacobson wrote:
> 
> But perhaps the search_path as an uninstallable extension is a less invasive idea.

I don't see that happening any time soon.  An extension only adds SQL objects,
it doesn't impact backend code.  You can ship a module with your extension, but
dropping an extension won't unload the module.  And if it were then there's the
*_preload_libraries that would totally nullify what you want.

On top of that, it would also mean that the relation resolving could be changed
by any other extension, which seems like a bad idea.

> But search_path is not the only problem. I think it's also a problem objects
> with the same identifiers can be created in both pg_catalog and public. Can we
> think of a valid reason why it is a good idea to continue to allow that? In
> what real-life scenario is it needed?

One somewhat acceptable use case is to replace catalog access with views to
give access to some data to e.g. some monitoring users.  That's less of a problem
recently with the default roles, but still.

There might be others.
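
An audit sketch for the two concerns discussed in this exchange, added here as an example and not part of the original mail or of PostgreSQL itself: it lists relations and functions outside pg_catalog that share a name with a catalog object, and SECURITY DEFINER functions that carry no function-level search_path setting. It assumes PostgreSQL 9.5 or later (for `regnamespace`) and a role allowed to read the system catalogs.

```sql
-- Added example: every catalog reference is schema-qualified so the audit
-- itself does not depend on the caller's search_path.

-- 1. Relations (tables, views, ...) outside the system schemas whose name
--    also exists in pg_catalog, e.g. a monitoring view replacing a catalog.
SELECT n.nspname AS schema_name,
       c.relname AS object_name,
       c.relkind AS kind,
       pg_catalog.pg_get_userbyid(c.relowner) AS owner
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname !~ '^pg_'                  -- skips pg_catalog, pg_toast, pg_temp_N
  AND n.nspname <> 'information_schema'
  AND EXISTS (SELECT 1
              FROM pg_catalog.pg_class s
              WHERE s.relnamespace = 'pg_catalog'::pg_catalog.regnamespace
                AND s.relname = c.relname)
ORDER BY 1, 2;

-- 2. Functions outside the system schemas that reuse a pg_catalog function name.
SELECT p.oid::pg_catalog.regprocedure AS function_signature,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND EXISTS (SELECT 1
              FROM pg_catalog.pg_proc s
              WHERE s.pronamespace = 'pg_catalog'::pg_catalog.regnamespace
                AND s.proname = p.proname)
ORDER BY 1;

-- 3. SECURITY DEFINER functions with no "SET search_path" attached, which
--    therefore resolve unqualified names through the caller's search_path.
SELECT p.oid::pg_catalog.regprocedure AS function_signature,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner
FROM pg_catalog.pg_proc p
WHERE p.prosecdef
  AND NOT EXISTS (SELECT 1
                  FROM pg_catalog.unnest(p.proconfig) AS cfg
                  WHERE cfg LIKE 'search_path=%')
ORDER BY 1;
```

Rows from the first two queries are not necessarily a problem (the monitoring-view case above would show up there); they are the set to review by owner and purpose.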


