Home > mailing lists

Re: Failed assertion due to procedure created with SECURITY DEFINER option - Mailing list pgsql-hackers

From	amul sul
Subject	Re: Failed assertion due to procedure created with SECURITY DEFINER option
Date	July 3, 2018 16:58:30
Msg-id	CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5=rF6_w=pq_T=Q@mail.gmail.com Whole thread Raw
In response to	Re: Failed assertion due to procedure created with SECURITY DEFINERoption (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List	pgsql-hackers

Tree view

On Fri, Jun 29, 2018 at 5:26 PM Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
>
> On 6/29/18 13:07, amul sul wrote:
> > This happens because of in fmgr_security_definer() function we are
> > changing  global variable SecurityRestrictionContext and in the
> > StartTransaction() insisting it should be zero, which is the problem.
>
> Hmm, what is the reason for this insistation?
>
> We could work around this for now by prohibiting transaction commands in
> security definer procedures, similar to what we do in procedures with
> GUC settings attached.
>

I am not sure that I have understood this, apologies. Do you mean by
the following case:

postgres=# CREATE PROCEDURE transaction_test1() LANGUAGE plpgsql
SECURITY DEFINER SET work_mem to '16MB'
AS $$ BEGIN
          COMMIT;
 END $$;
CREATE PROCEDURE

postgres=# CALL transaction_test1();
ERROR:  invalid transaction termination
CONTEXT:  PL/pgSQL function transaction_test1() line 2 at COMMIT

Thanks.

Regards,
Amul

pgsql-hackers by date:

From: Amit Kapila
Date: 03 July 2018, 16:48:13
Subject: Re: Explain buffers wrong counter with parallel plans

From: "Moon, Insung"
Date: 03 July 2018, 17:17:48
Subject: RE: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

Re: Failed assertion due to procedure created with SECURITY DEFINER option - Mailing list pgsql-hackers

Previous

Next