Skip to content

Lock down search_path of functions #445

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
svenklemm wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Lock down search_path of functions #445

svenklemm wants to merge 1 commit into from

Conversation

@svenklemm
Copy link

@svenklemm svenklemm commented Feb 8, 2025

Functions referencing objects without schema are susceptible to accessing unintented objects depending on the search_path they are executed with. This patch adds a search_path to all the SQL and PLPGSQL functions to ensure the intended objects are accessed.

@svenklemm
Lock down search_path of functions
40e3506 
Functions referencing objects without schema are susceptible to
accessing unintented objects depending on the search_path they
are executed with. This patch adds a search_path to all the SQL
and PLPGSQL functions to ensure the intended objects are accessed.
@za-arthur
Copy link
Collaborator

za-arthur commented Mar 4, 2025

@svenklemm thank you for the contribution!

Currently pg_repack sets hardcoded search_path on every connection:

pg_repack/bin/pgut/pgut.c

Line 550 in 306b0d4

pgut_command(conn, "SET search_path TO pg_catalog, pg_temp, public", 0, NULL);

Does the PR improve handling of issue of calling unintented objects? BTW there are still views repack.primary_keys and repack.tables, which can call unintended objects. AFAIK it isn't possible to set search_path during CREATE VIEW, but because pg_repack already sets hardcoded search_path all views and functions calls should be handled.

@svenklemm
Copy link
Author

svenklemm commented Mar 31, 2025

During view creation object references are pinned to the objects according to the search path during creation. But this does not apply to indirect references, e.g. unspecified object references in functions called in a view. With explicit search_path like that things used by pg_repack binary are safe. This is hardening for callers outside of the binary using the views provided by pg_repack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

waiting for author

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@svenklemm @za-arthur