Re: security_definer_search_path GUC

> On Jun 3, 2021, at 9:03 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
>
> I agree so some possibility of locking search_path or possibility to control who and when can change it can increase
security.This should be a core feature. It's maybe more generic issue - same functionality can be required for work_mem
setting,maybe max_paralel_workers_per_gather, and other GUC 

Chapman already suggested a mechanism in [1] to allow chaining together additional validators for GUCs.

When setting search_path, the check_search_path(char **newval, void **extra, GucSource source) function is invoked.  As
Iunderstand Chapman's proposal, additional validators could be added to any GUC.  You could implement search_path
restrictionsby defining additional validators that enforce whatever restriction you like. 

Marko, does his idea sound workable for your needs?  I understood your original proposal as only restricting the value
ofsearch_path within security definer functions.  This idea would allow you to restrict it everywhere, and not tailored
tojust that context. 

[1] https://www.postgresql.org/message-id/608C9A81.3020006@anastigmatix.net

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company