Re: Failed assertion due to procedure created with SECURITY DEFINER option
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Andres Freund <andres@anarazel.de>
Cc: amul sul <sulamul@gmail.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2018-07-04T07:43:06Z
Lists: pgsql-hackers
Attachments
- 0001-Prohibit-transaction-commands-in-security-definer-pr.patch (text/plain) patch 0001
On 03.07.18 19:20, Andres Freund wrote: > On 2018-06-29 10:19:17 -0700, Andres Freund wrote: >> Hi, >> >> On 2018-06-29 13:56:12 +0200, Peter Eisentraut wrote: >>> On 6/29/18 13:07, amul sul wrote: >>>> This happens because of in fmgr_security_definer() function we are >>>> changing global variable SecurityRestrictionContext and in the >>>> StartTransaction() insisting it should be zero, which is the problem. >>> >>> Hmm, what is the reason for this insistation? >> >> Because it's supposed to be reset by AbortTransaction(), after an error. > > Does that make sense Peter? > > I've added this thread to the open items list. Proposed fix attached. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Prohibit transaction commands in security definer procedures
- 3804e89bd0e9 11.0 landed
- 3884072329bd 12.0 landed