A PostgreSQL flaw
Posted Feb 22, 2007 13:46 UTC (Thu) by nix
In reply to: A PostgreSQL flaw
Parent article: A PostgreSQL flaw
Well, you need to have been able to create new functions in some schema (which you can later put in the search path) at some earlier point in time.
That's a rather wide constraint.
(FWIW, Oracle has the equivalent of SECURITY DEFINER be the *default* but avoids this bug by searching the object owner's schema instead for such functions. Perhaps simply prepending the object owner's schema to the search path when within such functions would largely fix the problem...)
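An added example, not part of the comment above and not PostgreSQL's own code: the idea of resolving names in the owner's schema can be applied by hand with the per-function `SET search_path` clause, in PostgreSQL releases that have it. The schema `app_owner`, the table `accounts` and the function `account_exists` are hypothetical names; the closing query audits a database for `SECURITY DEFINER` functions that do not pin a search path.

```sql
-- Hypothetical objects for illustration: app_owner, accounts, account_exists.
CREATE SCHEMA app_owner;
CREATE TABLE app_owner.accounts (login text PRIMARY KEY);

-- SECURITY DEFINER runs the body with the owner's privileges.
-- Pinning search_path to the owner's schema makes unqualified names in the
-- body resolve there instead of in whatever path the caller has set.
-- pg_temp is listed last on purpose: if it is left out, temporary objects
-- are searched before the named schemas.
CREATE FUNCTION app_owner.account_exists(text)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER
SET search_path = app_owner, pg_temp
AS $$
    SELECT EXISTS (SELECT 1 FROM accounts WHERE login = $1);
$$;

-- EXECUTE is granted to PUBLIC by default; narrow it to the roles that need it.
REVOKE ALL ON FUNCTION app_owner.account_exists(text) FROM PUBLIC;

-- Audit: SECURITY DEFINER functions with no search_path setting attached.
-- pg_proc.prosecdef marks SECURITY DEFINER; pg_proc.proconfig holds the
-- function's SET clauses as 'name=value' strings (NULL when there are none).
SELECT n.nspname                  AS schema_name,
       p.proname                  AS function_name,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
        WHERE cfg LIKE 'search_path=%'
      )
ORDER BY 1, 2;
```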