Re: Loose ends after CVE-2020-14350 (extension installation hazards)
Chapman Flack <chap@anastigmatix.net>
From: Chapman Flack <chap@anastigmatix.net>
To: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@lists.postgresql.org
Date: 2020-08-14T19:07:51Z
Lists: pgsql-hackers
On 08/14/20 14:50, Tom Lane wrote: > SAVEPOINT s1; > SET LOCAL search_path = pg_catalog, pg_temp; > ... protected code here ... > RELEASE SAVEPOINT s1; > > but this does not work because SET LOCAL persists to the end of the > outer transaction. Maybe we could invent a variant that only lasts > for the current subtransaction. This reminds me of the way the SQL standard overloads WITH to supply lexically-scoped settings of things, as well as CTEs, mentioned a while back. [1] Would this provide additional incentive to implement that syntax, generalized to support arbitrary GUCs and not just the handful of specific settings the standard uses it for? Regards, -Chap [1] https://www.postgresql.org/message-id/5AAEAE0F.20006%40anastigmatix.net
Commits
-
Remove no-longer-usable hstore--1.0--1.1.sql update script.
- d4d443b3bbbb 14.0 landed