I tried disabling public EXECUTE access on the built-in conversion
functions, as we recommended yesterday, and found that it has one
small problem: the conversion regression test fails. The test is
expecting that unprivileged users can create conversions, but since
CREATE CONVERSION requires you to have execute permissions on the
specified function, they can't if we do this.
This leaves me thinking that the best fix for the back branches
is the one Andrew@supernews originally suggested: modify the
signature for conversion functions to use INTERNAL instead of CSTRING.
I haven't actually experimented with that yet, but will shortly.
Going forward, though, I really think we need to revisit the API
for conversion functions. It seems a bit silly to have the
infrastructure to let ordinary users create conversions if they
can't create the functions needed to support them.
regards, tom lane