Thread
Commits
-
Document security implications of qualified names.
- c0550994489d 9.3.24 landed
- 8c477a42eb9b 9.4.19 landed
- 002596d97387 9.5.14 landed
- 5eecc1cafdbd 9.6.10 landed
- ca4a6de17432 10.5 landed
- a117c7a7b62f 11.0 landed
- e09144e6ce2b 12.0 landed
-
Document security implications of search_path and the public schema.
- 5770172cb0c9 11.0 cited
-
Documenting safe practices for qualified function calls
Noah Misch <noah@leadboat.com> — 2018-07-21T01:24:46Z
The CVE-2018-1058 documentation change, commit 5770172, directed readers to secure their schema usage patterns. That made secure their use of unqualified function and operator names. Sometimes one wishes to call an object outside search_path via a qualified name. That has its own security considerations, which we hadn't documented to the same degree. The security team discussed this and concluded that the lack of documentation did not itself constitute a security flaw. I did prepare the attached patch, which Jonathan Katz reviewed. I'm posting it here in case anyone else wishes to review it. Thanks, nm