Participants
Peter Eisentraut
Peter Eisentraut
Attachments
Show all attachments
Thread Outline
#1Peter EisentrautPeter Eisentraut
Jul 13, 2018

pgsql: Prohibit transaction commands in security definer procedures

Started by Peter Eisentrautalmost 8 years ago1 messagescomitters
Jump to latest
#1Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net

Prohibit transaction commands in security definer procedures

Starting and aborting transactions in security definer procedures
doesn't work. StartTransaction() insists that the security context
stack is empty, so this would currently cause a crash, and
AbortTransaction() resets it. This could be made to work by
reorganizing the code, but right now we just prohibit it.

Reported-by: amul sul <sulamul@gmail.com>
Discussion: /messages/by-id/CAAJ_b96Gupt_LFL7uNyy3c50-wbhA68NUjiK5=rF6_w=pq_T=Q@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/3884072329bd1ad7d41bf7582c5d60e969365634

Modified Files
--------------
doc/src/sgml/ref/create_procedure.sgml | 6 ++++++
src/backend/commands/functioncmds.c | 9 +++++++++
src/pl/plpgsql/src/expected/plpgsql_transaction.out | 12 ++++++++++++
src/pl/plpgsql/src/sql/plpgsql_transaction.sql | 13 +++++++++++++
4 files changed, 40 insertions(+)

← Back to Topics