Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tKm1M-00Agfb-E4 for pgsql-general@arkaria.postgresql.org; Mon, 09 Dec 2024 22:14:29 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tKm1J-00BxFq-Vu for pgsql-general@arkaria.postgresql.org; Mon, 09 Dec 2024 22:14:27 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tKm1J-00BxFc-GA for pgsql-general@lists.postgresql.org; Mon, 09 Dec 2024 22:14:26 +0000 Received: from mout-p-103.mailbox.org ([80.241.56.161]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tKm1H-001xap-06 for pgsql-general@postgresql.org; Mon, 09 Dec 2024 22:14:25 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [10.196.197.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-103.mailbox.org (Postfix) with ESMTPS id 4Y6bkM4CQhz9shb; Mon, 9 Dec 2024 23:14:19 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org; s=mail20150812; t=1733782459; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=U5IE59UmimjZ1jUfRIXVAH2ginHtU1n3CpOBmAvI1C4=; b=WZvUfN1CemKIeuPLEYL834Or1S2qUkxVrfuKC0bW1txG81HaAFC40SFDJWmDhfGsd+tslA EGNcVogbM4g9EBvGLIE/dS60SnP6yeZUHabwm52oQypMOoaeIJAHTwRUShEtV4j4MbLZX9 DM+X26WJiKFi2dLfr6f3lLEKh5ZWlX3rMYtJ+h4xx0/6HS4WgFP7i/UcjsUM85ZR+1cbiG WXaoMFKCphCpCpAPg8AFfS5A2xo2uTSJp4P2fysCJa3YPeV89jZzEPdagKPAfav2/0hKSQ xf/skvWmApjvy3bn6+2I1ED8dW22DA+tU5YIo5L1QRu58mWb+XdBzplYhCVjew== Content-Type: multipart/alternative; boundary="------------PUkNzp4HNOFdRbFy0bB6JNKJ" Message-ID: <9a7ca237-7696-40e3-9ae6-12bd98c1b86c@mailbox.org> Date: Mon, 9 Dec 2024 14:14:04 -0800 MIME-Version: 1.0 Subject: Re: Errors when restoring backup created by pg_dumpall To: "David G. Johnston" Cc: Adrian Klaver , Tom Lane , "pgsql-general@postgresql.org" References: <6a6439f1-8039-44e2-8fb9-59028f7f2014@mailbox.org> <9c5ba566-27b8-4e8c-bf7d-2dc561509991@mailbox.org> <41791b6d-aaf5-4fed-9cc3-e89bc49e8637@mailbox.org> <1257068.1733025493@sss.pgh.pa.us> <06425038-e012-4bac-aec1-d9541436f893@mailbox.org> <92405f98-7f0c-4442-8252-697352daefc1@aklaver.com> <1470486.1733087658@sss.pgh.pa.us> <4ab662d8-57cc-471f-8a58-cfd71d1cea22@aklaver.com> <1475512.1733090108@sss.pgh.pa.us> <19d5f2c7-1252-4442-accb-8aa2cb289ad0@mailbox.org> Content-Language: en-US From: PopeRigby In-Reply-To: X-MBO-RS-META: 63dp41hdb39pgna51m8nwm6x8yfnnhxc X-MBO-RS-ID: c1b1ab74306b6e79d19 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------PUkNzp4HNOFdRbFy0bB6JNKJ Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 12/7/24 11:58, David G. Johnston wrote: > On Sat, Dec 7, 2024 at 12:25 PM PopeRigby wrote: > > > It actually looks like setting those all to have public fixed all the > errors, including the one with lldap. So, how can I get it to not put > public there automatically for next time? > > > I assume you mean "get it to put public there" (i.e., the "not" is a typo) > > You cannot. The security team has decided to not permit an opt-in > bypass of the lock-downs implemented to fix CVE-2018-1058. > > Your only real choice at the moment is to replace the function call in > the generated expression with a custom function and in that custom > function's create function command attach a "set search_path to > public" clause.  That will prevent inlining and also ensure the public > schema is in the search_path when executing the public.ll_to_earth > function call.  With that in place the empty search_path in the dump > file will no longer matter. > > David J. > Yeah, that was a typo. It seems weird that this behavior would be broken by default though, is there anything that could fix it upstream? --------------PUkNzp4HNOFdRbFy0bB6JNKJ Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
On 12/7/24 11:58, David G. Johnston wrote:
On Sat, Dec 7, 2024 at 12:25 PM PopeRigby <poperigby@mailbox.org> wrote:

It actually looks like setting those all to have public fixed all the
errors, including the one with lldap. So, how can I get it to not put
public there automatically for next time?


I assume you mean "get it to put public there" (i.e., the "not" is a typo)

You cannot.  The security team has decided to not permit an opt-in bypass of the lock-downs implemented to fix CVE-2018-1058.

Your only real choice at the moment is to replace the function call in the generated expression with a custom function and in that custom function's create function command attach a "set search_path to public" clause.  That will prevent inlining and also ensure the public schema is in the search_path when executing the public.ll_to_earth function call.  With that in place the empty search_path in the dump file will no longer matter.

David J.

Yeah, that was a typo. It seems weird that this behavior would be broken by default though, is there anything that could fix it upstream?

--------------PUkNzp4HNOFdRbFy0bB6JNKJ--