On Tue, Nov 12, 2024 at 05:30:30PM +0900, Michael Paquier wrote:
> 0004 for pg_freespace is fine regarding that for example as we have
> calls of pg_freespace(regclass) in its sql/. I've applied it to begin
> with something.
That commit (3f323eb) contains a generate_series(int, bigint) call. Following
https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
is enough in v17, but it wouldn't be enough after that commit. An attacker
can achieve persistent capture of the inexact call:
set search_path = pg_catalog;
create or replace function public.generate_series(int, bigint) returns bigint
language plpgsql as $$
BEGIN
RAISE NOTICE 'owned';
RETURN 0;
END
$$;
create extension pg_freespacemap schema public;
select public.pg_freespace(0);
\sf public.pg_freespace(regclass)
Per postgr.es/m/3489827.1618411777@sss.pgh.pa.us and
postgr.es/m/1471865.1734212070@sss.pgh.pa.us one requirement for migrating to
SQL-standard function bodies is removing these inexact-match function and
operator calls. Here, one could either write pg_catalog.generate_series or
make the argument types match exactly.
