Re: Loose ends after CVE-2020-14350 (extension installation hazards) - Mailing list pgsql-hackers

From Chapman Flack
Subject Re: Loose ends after CVE-2020-14350 (extension installation hazards)
Date
Msg-id 5F36E107.50907@anastigmatix.net
In response to Loose ends after CVE-2020-14350 (extension installation hazards)  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Loose ends after CVE-2020-14350 (extension installation hazards)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On 08/14/20 14:50, Tom Lane wrote:
>     SAVEPOINT s1;
>     SET LOCAL search_path = pg_catalog, pg_temp;
>     ... protected code here ...
>     RELEASE SAVEPOINT s1;
> 
> but this does not work because SET LOCAL persists to the end of the
> outer transaction.  Maybe we could invent a variant that only lasts
> for the current subtransaction.

This reminds me of the way the SQL standard overloads WITH to supply
lexically-scoped settings of things, as well as CTEs, mentioned a while
back. [1]

Would this provide additional incentive to implement that syntax,
generalized to support arbitrary GUCs and not just the handful of
specific settings the standard uses it for?

Regards,
-Chap



[1] https://www.postgresql.org/message-id/5AAEAE0F.20006%40anastigmatix.net
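
The scoping behaviour described in the quoted text above, as an added example that is not part of the original message or of the PostgreSQL sources. It is written as a psql session for a scratch database; the function name `demo_scoped` is hypothetical, and the first `SHOW` result depends on the session's configured `search_path`.

```sql
-- Added illustration: SET LOCAL is scoped to the transaction, not the savepoint.
BEGIN;
SHOW search_path;                 -- session value, e.g. "$user", public

SAVEPOINT s1;
SET LOCAL search_path = pg_catalog, pg_temp;
-- ... protected code here ...
RELEASE SAVEPOINT s1;

-- RELEASE merges the subtransaction into its parent, so the setting survives:
SHOW search_path;                 -- pg_catalog, pg_temp

-- Only rolling the subtransaction back undoes a SET made inside it:
SAVEPOINT s2;
SET LOCAL search_path = public;
ROLLBACK TO SAVEPOINT s2;
SHOW search_path;                 -- pg_catalog, pg_temp (the s1 setting, still active)

COMMIT;
SHOW search_path;                 -- session value again

-- An existing construct that is scoped: a function-level SET clause
-- applies on entry and is restored when the function exits.
BEGIN;
CREATE FUNCTION demo_scoped() RETURNS text
    LANGUAGE sql
    SET search_path = pg_catalog, pg_temp
    AS $$ SELECT current_setting('search_path') $$;

SELECT demo_scoped();             -- pg_catalog, pg_temp
SHOW search_path;                 -- session value, unchanged by the call
ROLLBACK;                         -- discards the hypothetical function
```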


