On Tue, Apr 13, 2021 at 06:26:34PM -0400, Tom Lane wrote: > Attached are some draft patches to convert almost all of the > contrib modules' SQL functions to use SQL-standard function bodies. > The point of this is to remove the residual search_path security > hazards that we couldn't fix in commits 7eeb1d986 et al. Since > a SQL-style function body is fully parsed at creation time, > its object references are not subject to capture by the run-time > search path.
Are there any inexact matches in those function/operator calls? Will that matter more or less than it does today? > However I think we may still need an assumption that earthdistance > and cube are in the same schema --- any comments on that? That part doesn't change, indeed. > I'd like to propose squeezing these changes into v14, even though > we're past feature freeze. Reason one is that this is less a > new feature than a security fix; reason two is that this provides > some non-artificial test coverage for the SQL-function-body feature. Dogfooding like this is good. What about the SQL-language functions that initdb creates?
