(2010/03/20 11:17), Robert Haas wrote:
> On Fri, Mar 19, 2010 at 8:11 PM, Tom Lane<tgl@sss.pgh.pa.us> wrote:
>> Robert Haas<robertmhaas@gmail.com> writes:
>>> On Fri, Mar 19, 2010 at 8:18 AM, Tom Lane<tgl@sss.pgh.pa.us> wrote:
>>>> KaiGai Kohei<kaigai@ak.jp.nec.com> writes:
>>>>> When we assign "SECURITY DEFINER" attribute on plpgsql_call_handler(),
>>>>> it makes server process crashed.
>>>>
>>>> So don't do that. Whatever possessed you to think that's a sensible
>>>> idea anyway?
>>
>>> It might not be sensible, but the whole server going down as a result
>>> doesn't seem very sensible either.
>>
>> [ shrug... ] If you would like to start enumerating the ways in which
>> you can crash the server with erroneous pg_proc entries for C functions,
>> go for it. It'll keep you out of trouble for a very long time.
>
> It's obviously not possible to make this bulletproof in general, but
> that doesn't mean we should crash just for fun.
I'd like to put the question in anotherexpression.
Is it an expected behavior that PostgreSQL tries to execute foo() with
privileges of the owner of language call handler because of its security
definer property? This server crash is just a result.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
