Thread: Getting rid of OverrideSearhPath in namespace.c
Hello hackers, As a follow-up for the CVE-2023-2454 fix, I think that it makes sense to completely remove unsafe functions PushOverrideSearchPath()/PopOverrideSearchPath(), which are not used in the core now. Please look at the patch attached. Beside that, maybe it's worth to rename three functions in "Override" in their names: GetOverrideSearchPath(), CopyOverrideSearchPath(), OverrideSearchPathMatchesCurrent(), and then maybe struct OverrideSearchPath. Noah Misch proposed name GetSearchPathMatcher() for the former. What do you think? Best regards, Alexander
Attachment
Hi, > As a follow-up for the CVE-2023-2454 fix, I think that it makes sense to > completely remove unsafe functions > PushOverrideSearchPath()/PopOverrideSearchPath(), which are not used in the > core now. > Please look at the patch attached. > > [...] > > What do you think? +1 to remove dead code. The proposed patch however removes get_collation_oid(), apparently by mistake. Other than that the patch looks fine and passes `make installcheck-world`. I added an entry to the nearest CF [1]. > Beside that, maybe it's worth to rename three functions in "Override" in > their names: GetOverrideSearchPath(), CopyOverrideSearchPath(), > OverrideSearchPathMatchesCurrent(), and then maybe struct OverrideSearchPath. > Noah Misch proposed name GetSearchPathMatcher() for the former. +1 as well. I added the corresponding 0002 patch. [1] https://commitfest.postgresql.org/44/4447/ -- Best regards, Aleksander Alekseev
Attachment
On Mon, Jul 17, 2023 at 05:11:46PM +0300, Aleksander Alekseev wrote: > > As a follow-up for the CVE-2023-2454 fix, I think that it makes sense to > > completely remove unsafe functions > > PushOverrideSearchPath()/PopOverrideSearchPath(), which are not used in the > > core now. > > Please look at the patch attached. > > > > [...] > > > > What do you think? > > +1 to remove dead code. > > The proposed patch however removes get_collation_oid(), apparently by > mistake. Other than that the patch looks fine and passes `make > installcheck-world`. > > I added an entry to the nearest CF [1]. > > > Beside that, maybe it's worth to rename three functions in "Override" in > > their names: GetOverrideSearchPath(), CopyOverrideSearchPath(), > > OverrideSearchPathMatchesCurrent(), and then maybe struct OverrideSearchPath. > > Noah Misch proposed name GetSearchPathMatcher() for the former. > > +1 as well. I added the corresponding 0002 patch. Pushed both. Thanks.