Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Ashutosh Sharma <ashu.coek88@gmail.com>, John H <johnhyvr@gmail.com>, Alexander Kukushkin <cyberdemn@gmail.com>, Jelte Fennema-Nio <postgres@jeltef.nl>, Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-07-15T20:04:53Z
Lists: pgsql-hackers
On Mon, Jul 15, 2024 at 2:33 PM Jeff Davis <pgsql@j-davis.com> wrote:
> On Mon, 2024-07-15 at 13:44 -0400, Robert Haas wrote:
> > But ... why? I mean, what's the point of prohibiting that?
>
> Agreed. We ignore all kinds of stuff in search_path that doesn't make
> sense, like non-existent schemas. Simpler is better.

Oh, I had the opposite idea: I wasn't proposing ignoring it. I was
proposing making it work.

-- 
Robert Haas
EDB: http://www.enterprisedb.com