> On Jun 3, 2021, at 9:03 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
>
> I agree so some possibility of locking search_path or possibility to control who and when can change it can increase
security.This should be a core feature. It's maybe more generic issue - same functionality can be required for work_mem
setting,maybe max_paralel_workers_per_gather, and other GUC
Chapman already suggested a mechanism in [1] to allow chaining together additional validators for GUCs.
When setting search_path, the check_search_path(char **newval, void **extra, GucSource source) function is invoked. As
Iunderstand Chapman's proposal, additional validators could be added to any GUC. You could implement search_path
restrictionsby defining additional validators that enforce whatever restriction you like.
Marko, does his idea sound workable for your needs? I understood your original proposal as only restricting the value
ofsearch_path within security definer functions. This idea would allow you to restrict it everywhere, and not tailored
tojust that context.
[1] https://www.postgresql.org/message-id/608C9A81.3020006@anastigmatix.net
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
