Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qKmaH-001XZS-Fb for pgsql-hackers@arkaria.postgresql.org; Sat, 15 Jul 2023 21:13:45 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1qKmaF-00577g-Cf for pgsql-hackers@arkaria.postgresql.org; Sat, 15 Jul 2023 21:13:43 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qKmaE-005716-QG for pgsql-hackers@lists.postgresql.org; Sat, 15 Jul 2023 21:13:43 +0000 Received: from mail-yb1-xb32.google.com ([2607:f8b0:4864:20::b32]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1qKmaA-000gbB-AM for pgsql-hackers@postgresql.org; Sat, 15 Jul 2023 21:13:41 +0000 Received: by mail-yb1-xb32.google.com with SMTP id 3f1490d57ef6-cacc3f97ee9so3253035276.3 for ; Sat, 15 Jul 2023 14:13:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leadboat.com; s=google; t=1689455616; x=1692047616; h=user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=dnYwbVwpqgRO+WIKURgWYFW9SZ9Qa1EvZ3ECsdfSYiw=; b=LssxxnaQkTwm4JUjyAr4C6N/g1cPFeOvHy8pxMf9kpt3h1314Lnn9fz4+9fur/2PCz tgW58ZEWw4ifX/d7arPyyO7Rzuja6c23FKJoTNHXNUO7EkL6BkxtOTm2D5Y7Tjsck6gb TrYCZP2SeKWr7+uBTj7upZTxkww64JiEZKgko= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689455616; x=1692047616; h=user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dnYwbVwpqgRO+WIKURgWYFW9SZ9Qa1EvZ3ECsdfSYiw=; b=YVqOLYPOnIYXJozNbXygCronPNa62Gwsqn/+hTX/qeIQGU33gdd5TV6dvNT6hke9rZ qnOf6w7DLfL5FRQhNQqyLU5qS7xp5ydXagAm7EVKjPIwUDUGBPcFS5ZmJscN6BSpzf6o n/8pYxCNw7qO/XQilNzQLr9Q3DaUPnNnvEHFMWG1iSwqtfYgTftXWcxXUFYM/iRKcEpd dNzLWzEhxarmrp/9PfiB6JnyVH/mnIb9WnG8yRwxppUU8GJZcNn2T9tnMsFFRw3egR7k ItZK2arG/2gresUgIp76dVMrsuZm0cNnQIncfVbBJGi+nZ5XrVgIKI/BDrjrDuAjxWEw 8OuQ== X-Gm-Message-State: ABy/qLYWUdkpvw8FpqlhjpLDBsw3/5DOdlcZ35PhEKo0nAXbcTjn71ky YJlVqTtuTBvWENczCfrjLxESBw== X-Google-Smtp-Source: APBJJlEiLn8lQ6jVPz4ghVan1qiumKMmusH4FrM1eo5/JdPE0OfRi3d4fm03Fuuw8Ysr4TpTXUzLbg== X-Received: by 2002:a5b:986:0:b0:ccf:c5:91fa with SMTP id c6-20020a5b0986000000b00ccf00c591famr1101509ybq.20.1689455616381; Sat, 15 Jul 2023 14:13:36 -0700 (PDT) Received: from rfd.leadboat.com ([2600:1702:a20:5750::2e]) by smtp.gmail.com with ESMTPSA id e199-20020a2569d0000000b00cbfaa799de7sm697914ybc.28.2023.07.15.14.13.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 15 Jul 2023 14:13:35 -0700 (PDT) Date: Sat, 15 Jul 2023 14:13:33 -0700 From: Noah Misch To: "David G. Johnston" Cc: Gurjeet Singh , Jeff Davis , pgsql-hackers@postgresql.org, Nathan Bossart , Robert Haas , Greg Stark , Tom Lane Subject: Re: Fix search_path for all maintenance commands Message-ID: <20230715211333.GB3675150@rfd.leadboat.com> References: <2cf41c8edeaaf7acb757095e6eceab8ae926f3da.camel@j-davis.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Jul 13, 2023 at 02:07:27PM -0700, David G. Johnston wrote: > On Thu, Jul 13, 2023 at 2:00 PM Gurjeet Singh wrote: > > On Thu, Jul 13, 2023 at 1:37 PM David G. Johnston wrote: > > > I'm against simply breaking the past without any recourse as what we > > did for pg_dump/pg_restore still bothers me. > > > > I'm sure this is tangential, but can you please provide some > > context/links to the change you're referring to here. > > Here is the instigating issue and a discussion thread on the aftermath: > https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058%3A_Protect_Your_Search_Path > https://www.postgresql.org/message-id/flat/13033.1531517020%40sss.pgh.pa.us#2aa2e25816d899d62f168926e3ff17b1 I don't blame you for feeling bothered about it. A benefit of having done it is that we gained insight into the level of pain it caused. If it had been sufficiently painful, someone would have quickly added an escape hatch. Five years later, nobody has added one. The 2018 security fixes instigated many function repairs that $SUBJECT would otherwise instigate. That wasn't too painful. The net new pain of $SUBJECT will be less, since the 2018 security fixes prepared the path. Hence, I remain +1 for the latest Davis proposal.