Regarding the advisory on possibly insecure security definer functions that I just sent out (by overriding the search path you can make the function do whatever you want with the privileges of the function owner), the favored solution after some initial discussion in the core team was to save the search path at creation time with each function. This measure will arguably also increase the robustness of functions in general, and it seems to be desirable as part of the effort to make plan invalidation work.
Quite probably, there will be all sorts of consequences in terms of backward compatibility and preserving the possibility of valid uses of the old behavior and so on. So I'm inviting input on how to fix the problem in general and how to avoid the mentioned follow-up problems in particular. -- Peter Eisentraut http://developer.postgresql.org/~petere/ ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
