Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Jelte Fennema-Nio <postgres@jeltef.nl>, Isaac Morland <isaac.morland@gmail.com>
Cc: Ashutosh Sharma <ashu.coek88@gmail.com>, Ashutosh Bapat
<ashutosh.bapat.oss@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-06-06T23:20:16Z
Lists: pgsql-hackers
On Fri, 2024-06-07 at 00:19 +0200, Jelte Fennema-Nio wrote: > Even by default making the search_path "pg_catalog, pg_temp" for > functions created by extensions would be very useful. Right now there's no syntax to override that. We'd need something to say "get the search_path from the session". Regards, Jeff Davis