Re: Fixing insecure security definer functions - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Fixing insecure security definer functions
Date
Msg-id 25183.1180408766@sss.pgh.pa.us
Whole thread Raw
In response to Re: Fixing insecure security definer functions  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Fixing insecure security definer functions
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> The 'special' bit here is that pg_getfullpath() would work relative to
> the caller's search_path even inside of a function which has its 'PATH'
> set.

Eeek.  *Which* caller's search_path?  The string you're handed might've
come from multiple levels up.

There might be some point in allowing the caller itself to fully qualify
the name (before passing it down) with more ease than now.  We have
regclass and so forth, but those make a point of stripping schema
qualification when it's "unnecessary" according to the current search
path.  And yet on the third hand --- how often would it be the case that
this was an issue and yet the caller doesn't know which schema it has in
mind?
        regards, tom lane


pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: Fixing insecure security definer functions
Next
From: Stephen Frost
Date:
Subject: Re: Fixing insecure security definer functions