Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely

On Tue, Aug 16, 2022 at 03:32:36PM -0400, Bruce Momjian wrote:
> On Sat, Dec 25, 2021 at 02:36:27PM +0000, Erki Eessaar wrote:
> > 
> > Hello
> > 
> > PostgreSQL 14 added the feature: "Allow SQL-language functions and procedures
> > to use SQL-standard function bodies."
> > 
> > If I understand correctly, then in this case the system  will track
> > dependencies between tables and routines that use the tables. Thus, the
> > SECURITY DEFINER routines that use the new approach do not require the
> > following mitigation, i.e., SET search_path= is not needed. The following part
> > of documentation does not mention this.
> > 
> > https://www.postgresql.org/docs/current/sql-createfunction.html#
> > SQL-CREATEFUNCTION-SECURITY
> > 
> > [elephant] PostgreSQL: Documentation: 14: CREATE FUNCTION
> >            Overloading. PostgreSQL allows function overloading; that is, the
> >            same name can be used for several different functions so long as
> >            they have distinct input argument types.Whether or not you use it,
> >            this capability entails security precautions when calling functions
> >            in databases where some users mistrust other users; see Section
> >            10.3.. Two functions are considered the same if they have the same
> >            ...
> >            www.postgresql.org
> 
> I have written the attached patch to mention this issue about sql_body
> functions.

The doc patch was reverted based on feedback in this email thread:


https://www.postgresql.org/message-id/flat/AM9PR01MB8268BF5E74E119828251FD34FE409%40AM9PR01MB8268.eurprd01.prod.exchangelabs.com

If you think we should add new wording, please suggest it, thanks.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson