Re: Failed assertion due to procedure created with SECURITY DEFINER option
Andres Freund <andres@anarazel.de>
From: Andres Freund <andres@anarazel.de>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: amul sul <sulamul@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2018-07-03T17:20:11Z
Lists: pgsql-hackers
On 2018-06-29 10:19:17 -0700, Andres Freund wrote: > Hi, > > On 2018-06-29 13:56:12 +0200, Peter Eisentraut wrote: > > On 6/29/18 13:07, amul sul wrote: > > > This happens because of in fmgr_security_definer() function we are > > > changing global variable SecurityRestrictionContext and in the > > > StartTransaction() insisting it should be zero, which is the problem. > > > > Hmm, what is the reason for this insistation? > > Because it's supposed to be reset by AbortTransaction(), after an error. Does that make sense Peter? I've added this thread to the open items list. Greetings, Andres Freund
Commits
-
Prohibit transaction commands in security definer procedures
- 3804e89bd0e9 11.0 landed
- 3884072329bd 12.0 landed