Prohibit transaction commands in security definer procedures
Peter Eisentraut <peter_e@gmx.net>
Prohibit transaction commands in security definer procedures Starting and aborting transactions in security definer procedures doesn't work. StartTransaction() insists that the security context stack is empty, so this would currently cause a crash, and AbortTransaction() resets it. This could be made to work by reorganizing the code, but right now we just prohibit it. Reported-by: amul sul <sulamul@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5%3DrF6_w%3Dpq_T%3DQ%40mail.gmail.com
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/ref/create_procedure.sgml | modified | +6 −0 |
| src/backend/commands/functioncmds.c | modified | +9 −0 |
| src/pl/plpgsql/src/expected/plpgsql_transaction.out | modified | +12 −0 |
| src/pl/plpgsql/src/sql/plpgsql_transaction.sql | modified | +13 −0 |
Documentation touched
Discussion
- Failed assertion due to procedure created with SECURITY DEFINER option 8 messages · 2018-06-29 → 2018-07-13