On Fri, Nov 05, 2010 at 09:01:50PM -0400, Robert Haas wrote:
> On Fri, Nov 5, 2010 at 4:02 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> > The latter is an intentional security feature and will not get changed.
>
> I see that there could be a problem here with SECURITY DEFINER
> functions, but I'm not clear whether it goes beyond that?

IIRC correctly it's because even unprivileged users can make things in the pg_temp schema and it's implicitly at the front of the search_path. There was a CVE about this a while back, no?

Have a nice day,
--
Martijn van Oosterhout <klep...@svana.org> http://svana.org/kleptog/
> Patriotism is when love of your own people comes first; nationalism,
> when hate for people other than your own comes first.
>                                       - Charles de Gaulle
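
The SECURITY DEFINER concern raised in this message, as an added example that is not part of the original thread: a definer function without a pinned search_path beside a hardened one, plus a catalog query to find functions that still need the fix. The schema `app`, the table `app.accounts` and both function names are hypothetical; placing `pg_temp` last in the function's `search_path` follows the PostgreSQL documentation's guidance for writing SECURITY DEFINER functions.

```sql
-- Hypothetical schema and table, constructed for this example.
CREATE SCHEMA app;
CREATE TABLE app.accounts (
    username text PRIMARY KEY,
    is_admin boolean NOT NULL
);

-- Weak: no SET search_path clause. The unqualified name "accounts" is
-- resolved at call time through the caller's search_path, so which
-- relation the function reads is decided by whoever calls it, while the
-- body runs with the owner's privileges.
CREATE FUNCTION app.is_admin_weak(u text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    RETURN (SELECT a.is_admin FROM accounts a WHERE a.username = u);
END
$$;

-- Hardened: search_path is pinned for the duration of the call, pg_temp
-- is listed explicitly so it is searched last, and the table reference
-- is schema-qualified as a second layer.
CREATE FUNCTION app.is_admin_hardened(u text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app, pg_temp AS $$
BEGIN
    RETURN (SELECT a.is_admin FROM app.accounts a WHERE a.username = u);
END
$$;

-- Audit: SECURITY DEFINER functions that carry no search_path setting.
-- pg_proc.proconfig holds per-function settings as 'name=value' strings.
SELECT p.oid::regprocedure AS definer_function,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS c(setting)
        WHERE c.setting LIKE 'search_path=%'
      )
ORDER BY 1;
```

Against the two definitions above, the audit query returns `app.is_admin_weak(text)` and omits `app.is_admin_hardened(text)`.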