Home > mailing lists

Re: pgsql: Fix search_path to a safe value during maintenance operations. - Mailing list pgsql-committers

From	Jeff Davis
Subject	Re: pgsql: Fix search_path to a safe value during maintenance operations.
Date	June 13, 2023 03:20:47
Msg-id	2985f969b292258ca007e9916839e2d07359ec15.camel@j-davis.com Whole thread Raw
In response to	Re: pgsql: Fix search_path to a safe value during maintenance operations. (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: pgsql: Fix search_path to a safe value during maintenance operations. (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-committers

Tree view

On Mon, 2023-06-12 at 13:33 -0400, Robert Haas wrote:
> I wonder why this commit used pg_catalog, pg_temp rather than just
> the
> empty string, as AutoVacWorkerMain does.

I followed the rules here for "Writing SECURITY DEFINER Functions
Safely":

https://www.postgresql.org/docs/16/sql-createfunction.html

which suggests adding pg_temp at the end (otherwise it is searched
first by default).

It's not exactly like a SECURITY DEFINER function, but running a
maintenance command does switch to the table owner, so the risks are
similar.

I don't see a problem with the pg_temp schema in non-interactive
processes, because we trust the non-interactive processes.

Regards,
    Jeff Davis

pgsql-committers by date:

From: Robert Haas
Date: 12 June 2023, 20:33:45
Subject: Re: pgsql: Fix search_path to a safe value during maintenance operations.

From: Jeff Davis
Date: 13 June 2023, 03:39:40
Subject: Re: pgsql: Fix search_path to a safe value during maintenance operations.

Re: pgsql: Fix search_path to a safe value during maintenance operations. - Mailing list pgsql-committers

Previous

Next