Re: pgsql: Fix search_path to a safe value during maintenance operations. - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: pgsql: Fix search_path to a safe value during maintenance operations.
Date
Msg-id 94da5be0-a2e8-8e22-d170-012410e7c9a3@dunslane.net
In response to Re: pgsql: Fix search_path to a safe value during maintenance operations.  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers


On 2023-06-29 Th 11:19, Robert Haas wrote:

> Now we're proposing to ship a brand-new feature with a hole that we
> definitely already know exists. I can't understand that at all. Should
> we just go file the CVE against ourselves right now, then? Seriously,
> what are we doing?
>
> If we're not going to fix the feature so that it doesn't break the
> security model, we should probably just revert it. I don't understand
> at all the idea of shipping something that we 100% know is broken.



+1


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com
