Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uhVzV-000oYN-RS for pgsql-general@arkaria.postgresql.org; Thu, 31 Jul 2025 16:18:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uhVzT-002E2e-Ov for pgsql-general@arkaria.postgresql.org; Thu, 31 Jul 2025 16:18:47 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uhVzT-002E2V-CN for pgsql-general@lists.postgresql.org; Thu, 31 Jul 2025 16:18:47 +0000 Received: from fhigh-b2-smtp.messagingengine.com ([202.12.124.153]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uhVzQ-000359-1X for pgsql-general@lists.postgresql.org; Thu, 31 Jul 2025 16:18:46 +0000 Received: from phl-compute-12.internal (phl-compute-12.phl.internal [10.202.2.52]) by mailfhigh.stl.internal (Postfix) with ESMTP id 9BFEE7A2370; Thu, 31 Jul 2025 12:18:42 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-12.internal (MEProxy); Thu, 31 Jul 2025 12:18:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kurilemu.de; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :reply-to:subject:subject:to:to; s=fm1; t=1753978722; x= 1754065122; bh=/aUJS22uENDzqrI4TppcAOgggbXDyWy2VwXP+YBE4V8=; b=g Iayi8XuxNOZeIitOdri/wigRIJiWb+l2uAkIXbL+k1VDn/su+2XETPcZBL9V/mJw SSeUa+woosnOP1OSWOE3mYJz1mh3EgNyejpdIi/lHqItnCipAVdJSldKicLOG1om 8Ea54hw77wfBQ7OJvAhOZco5/5DNlRQfzt/V8zuBmRyY9c0sKIJMlilye53qlP8T 0WPoEhHAEA0bJEksAS9RxIZZPvZzxdfr+B+q9+NV0kKaImVHBzQi3mvb6ahzwWSt MdlJcxq1Q/7kh1xLO9s5AtFnVe6aXpL035M+K6lhFem5lQNK6O67ghwNscRVjJaC csPRdyHD4OOcPe3mgzsyg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; t=1753978722; x=1754065122; bh=/ aUJS22uENDzqrI4TppcAOgggbXDyWy2VwXP+YBE4V8=; b=HFocJ+QTjVrlA103W wnHhywGoEgu+Ax9z44Ime4VHtJJ7U72qfaUGUcQCiao7WLm2N62NWefwezD3fxy6 y906k88zUKxNxP3Tp8QJybDltM/lQG4Ov9GzofxFiRlsTr1CNzdVPcaxPvsG02bI WxFwuZn3KxA4N8MUUGI20fkgO5pkLiVaEW+zqrxFTrvOucQnX/DzTy1BjDpzWCNr OaIRmcPDBAATv80kEdpjuxuaH6foySre3nhzEiItHsUWCdesZGbp+0HOnIEJFQb1 gDtonuLZHVlu9qIzwKVj+IV6vI64W+xO4hmyLMHSCZcCFqN0mGQ36Qh2xFcmKEfp 8TmUw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgddutdduvdejucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhepfffhvfevuffkgggtugfgjgesthekredttddtjeenucfhrhhomheplmhlvhgrrhho ucfjvghrrhgvrhgruceorghlvhhhvghrrhgvsehkuhhrihhlvghmuhdruggvqeenucggtf frrghtthgvrhhnpeetuedvheffkeevgfeuheevteevkefggedttdeufeeuheduuddthfef fffhjeefffenucffohhmrghinhepvghnthgvrhhprhhishgvuggsrdgtohhmnecuvehluh hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprghlvhhhvghrrhgv sehkuhhrihhlvghmuhdruggvpdhnsggprhgtphhtthhopeegpdhmohguvgepshhmthhpoh huthdprhgtphhtthhopehguhhilhhlrghumhgvrdhlvghlrghrghgvsegurghlihgsohdr tghomhdprhgtphhtthhopeguuggvvhhivghnnhgvsehgmhgrihhlrdgtohhmpdhrtghpth htohepphhgshhqlhdqghgvnhgvrhgrlheslhhishhtshdrphhoshhtghhrvghsqhhlrdho rhhgpdhrtghpthhtohepthhglhesshhsshdrphhghhdrphgrrdhush X-ME-Proxy: Feedback-ID: ie3de48e3:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 31 Jul 2025 12:18:41 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kurilemu.de; s=schmee; t=1753978717; bh=q56VaUoEw4cs9x67tgV/xT3i6phDLVZpXvoCvFIwPfs=; h=Date:From:To:Cc:Subject:In-Reply-To:From; b=UQ2UQto/msOqrRJT8boo8TSAlye8nuPcwIkKxMEeveR+Faloh6/dmQ6TDo2vbxjIp tbXqKYL/CzeVnExlR231Bd/nzEYgzOQArwuxkepBDfwVLbwM9c37juE48A8JB1ZjK7 kHDepQeghknVEAfVVfW089pvtr6VX9hvegUztkFZD+WHzrwy4CaZafNvSoIl+Ag0x5 VocGl/qgaxlIA8vlxuEyV2NRaSae9fLpFQY7RS1v8JptC45QQU68Q4jzoInaWinXF7 Sb78wGfuFVsYIoM5AhFbcgvurRLrP9T8t7TYqUhCkB+XJUDt2pSAb4NgT/ynFWisRV 1pWbM99L3AK9A== Received: by schmee.kurilemu.internal (Postfix, from userid 1000) id 8391190; Thu, 31 Jul 2025 18:18:37 +0200 (CEST) Date: Thu, 31 Jul 2025 18:18:37 +0200 From: =?utf-8?Q?=C3=81lvaro?= Herrera To: Dominique Devienne Cc: Tom Lane , Guillaume Lelarge , pgsql-general@lists.postgresql.org Subject: Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function Message-ID: <202507311618.t7vdkwzigntv@alvherre.pgsql> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 2025-Jul-31, Dominique Devienne wrote: > But also, it's weird DELETE allows you to delete all rows. > Yet prevents you from deleting just one, i.e. a subset. But you don't know what you deleted, so you cannot exfiltrate useful info by repeatedly deleting with varying WHERE values. I suspect that you aren't able to use DELETE RETURNING either, unless you have SELECT privs. > I get it, a WHERE needs to read, so needs SELECT. Right. -- Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/ "El destino baraja y nosotros jugamos" (A. Schopenhauer)