Re: security_definer_search_path GUC - Mailing list pgsql-hackers

From Marko Tiikkaja
Subject Re: security_definer_search_path GUC
Date
Msg-id CAL9smLAz7UHajV8HhO-r1+gYeCw1pgNgN2c9qynYh8C1fGEz2w@mail.gmail.com
In response to Re: security_definer_search_path GUC  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
List pgsql-hackers
On Wed, Jun 2, 2021 at 10:20 PM Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
> On 2021-Jun-02, Marko Tiikkaja wrote:
>
> > The use case is: version upgrades.  I want to be able to have a search_path
> > of something like 'pg_catalog, compat, public'.  That way we can provide
> > compatibility versions of newer functions in the "compat" schema, which get
> > taken over by pg_catalog when running on a newer version.  That way all the
> > compatibility crap is clearly separated from the stuff that should be in
> > "public".
>
> Can't you achieve that with "ALTER DATABASE .. SET search_path"?

No, because I have a thousand SECURITY DEFINER functions which have to override search_path or they'd be insecure.


.m
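
Added example, not part of the original message or of PostgreSQL's own code: the per-function `search_path` override the message refers to, beside an unpinned function, followed by a catalog audit that shows why changing the path across many SECURITY DEFINER functions is a per-function operation. The schema `app`, the table `app.accounts` and both function names are hypothetical; the path is the one quoted in the thread with `pg_temp` appended.

```sql
-- Constructed example: schema "app", table app.accounts and both functions are hypothetical.
CREATE SCHEMA IF NOT EXISTS app;
CREATE SCHEMA IF NOT EXISTS compat;
CREATE TABLE IF NOT EXISTS app.accounts (id int PRIMARY KEY, owner text NOT NULL);

-- Unpinned: unqualified names in the body resolve through whatever search_path
-- the caller's session (or ALTER DATABASE ... SET search_path) has in effect.
CREATE OR REPLACE FUNCTION app.owner_of_unpinned(p_id int) RETURNS text
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
  RETURN (SELECT lower(a.owner) FROM app.accounts AS a WHERE a.id = p_id);
END $$;

-- Pinned: the function-level setting overrides session and database defaults
-- for the duration of the call. pg_temp is listed last, as the PostgreSQL
-- documentation recommends for SECURITY DEFINER functions.
CREATE OR REPLACE FUNCTION app.owner_of_pinned(p_id int) RETURNS text
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, compat, public, pg_temp
AS $$
BEGIN
  RETURN (SELECT lower(a.owner) FROM app.accounts AS a WHERE a.id = p_id);
END $$;

-- Audit (PostgreSQL 11 or later, for starts_with and ALTER ROUTINE):
-- every SECURITY DEFINER routine outside the system schemas, its pinned
-- search_path (NULL = not pinned), and the statement that would pin it.
SELECT p.oid::regprocedure AS func,
       (SELECT c FROM unnest(p.proconfig) AS c
         WHERE starts_with(c, 'search_path=')) AS pinned,
       format('ALTER ROUTINE %s SET search_path = pg_catalog, compat, public, pg_temp;',
              p.oid::regprocedure) AS pin_statement
FROM pg_proc AS p
WHERE p.prosecdef
  AND p.pronamespace NOT IN ('pg_catalog'::regnamespace,
                             'information_schema'::regnamespace)
ORDER BY pinned NULLS FIRST, p.oid::regprocedure::text;
```

Rows with a NULL `pinned` column are the ones that fall back to the caller's or database's `search_path`; the generated statements are output only and are not executed by the query.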
