On Mon, 2023-06-12 at 13:33 -0400, Robert Haas wrote:
> I wonder why this commit used pg_catalog, pg_temp rather than just
> the
> empty string, as AutoVacWorkerMain does.
I followed the rules here for "Writing SECURITY DEFINER Functions
Safely":
https://www.postgresql.org/docs/16/sql-createfunction.html
which suggests adding pg_temp at the end (otherwise it is searched
first by default).
It's not exactly like a SECURITY DEFINER function, but running a
maintenance command does switch to the table owner, so the risks are
similar.
I don't see a problem with the pg_temp schema in non-interactive
processes, because we trust the non-interactive processes.
Regards,
Jeff Davis