security_definer_search_path GUC - Mailing list pgsql-hackers

From Marko Tiikkaja
Subject security_definer_search_path GUC
Date
Msg-id CAL9smLA_SEWvpusSR8B+K=OOhMwRfKHABZB7J3rc_WcZDmroHQ@mail.gmail.com
Responses Re: security_definer_search_path GUC
List pgsql-hackers
Hi,

Since writing SECURITY DEFINER functions securely requires annoying incantations[1], wouldn't it be nice if we provided a way for the superuser to override the default search path via a GUC in postgresql.conf?  That way you can set search_path if you want to override the default, but if you leave it out you're not vulnerable, assuming security_definer_search_path only contains secure schemas.


.m
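For context on the message above, an added example that is not part of the original post: a SECURITY DEFINER function without and with a per-function `search_path`, plus a catalog query that lists SECURITY DEFINER functions lacking one. The schema `app`, the table `app.accounts` and both function names are hypothetical, and only existing PostgreSQL features are used, not the GUC proposed in the message.

```sql
-- Hypothetical objects for illustration only.
CREATE SCHEMA app;
CREATE TABLE app.accounts (
    username text PRIMARY KEY,
    locked   boolean NOT NULL DEFAULT false
);

-- Unhardened: no per-function search_path, so the unqualified name
-- "accounts" is resolved through whatever search_path the caller has set,
-- while the body runs with the function owner's privileges.
CREATE FUNCTION app.is_locked_unsafe(u text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
AS $$
BEGIN
    RETURN (SELECT locked FROM accounts WHERE username = u);
END
$$;

-- Hardened: pin search_path to a trusted schema and list pg_temp
-- explicitly last, and create the function in the same transaction that
-- removes the default EXECUTE grant to PUBLIC.
BEGIN;
CREATE FUNCTION app.is_locked(u text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
BEGIN
    RETURN (SELECT locked FROM accounts WHERE username = u);
END
$$;
REVOKE ALL ON FUNCTION app.is_locked(text) FROM PUBLIC;
-- GRANT EXECUTE to the specific roles that need it here.
COMMIT;

-- Audit: SECURITY DEFINER functions with no search_path entry in proconfig.
SELECT n.nspname                                AS schema,
       p.proname                                AS function,
       pg_get_function_identity_arguments(p.oid) AS args,
       pg_get_userbyid(p.proowner)              AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS c(setting)
        WHERE c.setting LIKE 'search_path=%')
ORDER BY 1, 2;
```

With the objects above, the audit query returns `app.is_locked_unsafe` and omits `app.is_locked`.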
