Participants
Jeff Davis
Jeff Davis
Jeff Davis
Jeff Davis
Tom Lane
Tom Lane
Alvaro Herrera
Alvaro Herrera
Attachments

No attachments in this thread

Thread Outline
#1Jeff DavisJeff Davis
Mar 05, 2024
#2...#3
Tom LaneJeff Davis
to Jeff Davis (#1)
Mar 05, 2024
#2Tom LaneTom Laneto Jeff Davis (#1)
Mar 05, 2024
#3Jeff DavisJeff Davisto Tom Lane (#2)
Mar 05, 2024
#4...#5
Alvaro HerreraJeff Davis
to Jeff Davis (#1)
Mar 05, 2024
#4Alvaro HerreraAlvaro Herrerato Jeff Davis (#1)
Mar 05, 2024
#5Jeff DavisJeff Davisto Alvaro Herrera (#4)
Mar 05, 2024

pgsql: Fix search_path to a safe value during maintenance operations.

Started by Jeff Davisalmost 2 years ago5 messages
#1Jeff Davis
Jeff Davis
jdavis@postgresql.org

Fix search_path to a safe value during maintenance operations.

While executing maintenance operations (ANALYZE, CLUSTER, REFRESH
MATERIALIZED VIEW, REINDEX, or VACUUM), set search_path to
'pg_catalog, pg_temp' to prevent inconsistent behavior.

Functions that are used for functional indexes, in index expressions,
or in materialized views and depend on a different search path must be
declared with CREATE FUNCTION ... SET search_path='...'.

This change was previously committed as 05e1737351, then reverted in
commit 2fcc7ee7af because it was too late in the cycle.

Preparation for the MAINTAIN privilege, which was previously reverted
due to search_path manipulation hazards.

Discussion: /messages/by-id/d4ccaf3658cb3c281ec88c851a09733cd9482f22.camel@j-davis.com
Discussion: /messages/by-id/E1q7j7Y-000z1H-Hr@gemulon.postgresql.org
Discussion: /messages/by-id/e44327179e5c9015c8dda67351c04da552066017.camel@j-davis.com
Reviewed-by: Greg Stark, Nathan Bossart, Noah Misch

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/2af07e2f749a9208ca1ed84fa1d8fe0e75833288

Modified Files
--------------
contrib/amcheck/t/004_verify_nbtree_unique.pl | 33 +++++++++-------
contrib/amcheck/verify_nbtree.c | 2 +
doc/src/sgml/amcheck.sgml | 3 ++
doc/src/sgml/brin.sgml | 4 +-
doc/src/sgml/ref/analyze.sgml | 6 +++
doc/src/sgml/ref/cluster.sgml | 6 +++
doc/src/sgml/ref/create_index.sgml | 6 +++
doc/src/sgml/ref/refresh_materialized_view.sgml | 6 +++
doc/src/sgml/ref/reindex.sgml | 6 +++
doc/src/sgml/ref/vacuum.sgml | 6 +++
src/backend/access/brin/brin.c | 2 +
src/backend/catalog/index.c | 9 +++++
src/backend/catalog/namespace.c | 3 ++
src/backend/commands/analyze.c | 2 +
src/backend/commands/cluster.c | 2 +
src/backend/commands/indexcmds.c | 8 ++++
src/backend/commands/matview.c | 2 +
src/backend/commands/vacuum.c | 2 +
src/bin/scripts/t/100_vacuumdb.pl | 4 --
src/include/utils/guc.h | 6 +++
.../test_oat_hooks/expected/alter_table.out | 2 +
.../test_oat_hooks/expected/test_oat_hooks.out | 4 ++
src/test/regress/expected/matview.out | 4 +-
src/test/regress/expected/namespace.out | 44 ++++++++++++++++++++++
src/test/regress/expected/privileges.out | 12 +++---
src/test/regress/expected/vacuum.out | 2 +-
src/test/regress/sql/matview.sql | 4 +-
src/test/regress/sql/namespace.sql | 32 ++++++++++++++++
src/test/regress/sql/privileges.sql | 8 ++--
src/test/regress/sql/vacuum.sql | 2 +-
30 files changed, 200 insertions(+), 32 deletions(-)

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Jeff Davis (#1)
Re: pgsql: Fix search_path to a safe value during maintenance operations.

Jeff Davis <jdavis@postgresql.org> writes:

Fix search_path to a safe value during maintenance operations.

The buildfarm seems pretty unhappy with this.

regards, tom lane

#3Jeff Davis
Jeff Davis
pgsql@j-davis.com
In reply to: Tom Lane (#2)
Re: pgsql: Fix search_path to a safe value during maintenance operations.

On Mon, 2024-03-04 at 21:15 -0500, Tom Lane wrote:

Jeff Davis <jdavis@postgresql.org> writes:

Fix search_path to a safe value during maintenance operations.

The buildfarm seems pretty unhappy with this.

Looks like I need to use GUC_ACTION_SAVE. I will remedy it shortly.

Regards,
Jeff Davis

#4Alvaro Herrera
Alvaro Herrera
alvherre@alvh.no-ip.org
In reply to: Jeff Davis (#1)
Re: pgsql: Fix search_path to a safe value during maintenance operations.

On 2024-Mar-05, Jeff Davis wrote:

Fix search_path to a safe value during maintenance operations.

While executing maintenance operations (ANALYZE, CLUSTER, REFRESH
MATERIALIZED VIEW, REINDEX, or VACUUM), set search_path to
'pg_catalog, pg_temp' to prevent inconsistent behavior.

Functions that are used for functional indexes, in index expressions,
or in materialized views and depend on a different search path must be
declared with CREATE FUNCTION ... SET search_path='...'.

This appears to have upset the sepgsql tests. In buildfarm member
rhinoceros there's now a bunch of errors like this

 ALTER TABLE regtest_table_4
       ADD CONSTRAINT regtest_tbl4_con EXCLUDE USING btree (z WITH =);
+LOG:  SELinux: allowed { search } scontext=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="regtest_schema" permissive=0
+LOG:  SELinux: allowed { search } scontext=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0 tcontext=system_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="public" permissive=0

in its ddl.sql test. I suppose this is just the result of the internal
change of search_path. Maybe the thing to do is just accept the new
output as expected.

--
Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
Voy a acabar con todos los humanos / con los humanos yo acabaré
voy a acabar con todos (bis) / con todos los humanos acabaré ¡acabaré! (Bender)

#5Jeff Davis
Jeff Davis
pgsql@j-davis.com
In reply to: Alvaro Herrera (#4)
Re: pgsql: Fix search_path to a safe value during maintenance operations.

On Tue, 2024-03-05 at 17:19 +0100, Alvaro Herrera wrote:

This appears to have upset the sepgsql tests.  In buildfarm member
rhinoceros there's now a bunch of errors like this

Thank you, pushed, and it appears to have fixed the problem.

Regards,
Jeff Davis

← Back to Topics