> On Jun 3, 2021, at 9:03 AM, Pavel Stehule <pavel.steh...@gmail.com> wrote:
>
> I agree so some possibility of locking search_path or possibility to control
> who and when can change it can increase security. This should be a core
> feature. It's maybe more generic issue - same functionality can be required
> for work_mem setting, maybe max_paralel_workers_per_gather, and other GUC
Chapman already suggested a mechanism in [1] to allow chaining together
additional validators for GUCs.
When setting search_path, the check_search_path(char **newval, void **extra,
GucSource source) function is invoked. As I understand Chapman's proposal,
additional validators could be added to any GUC. You could implement
search_path restrictions by defining additional validators that enforce
whatever restriction you like.
Marko, does his idea sound workable for your needs? I understood your original
proposal as only restricting the value of search_path within security definer
functions. This idea would allow you to restrict it everywhere, and not
tailored to just that context.
[1] https://www.postgresql.org/message-id/608c9a81.3020...@anastigmatix.net
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
