On Wed, 2024-03-06 at 14:32 +0100, Laurenz Albe wrote: > On Mon, 2023-11-06 at 18:29 +0100, Tomas Vondra wrote: > > On 11/6/23 14:23, Laurenz Albe wrote: > > > This behavior looks buggy to me. What do you think? > > > I cannot imagine that it is a security problem, though. > > > > How could code getting executed under the wrong role not be a security > > issue? Also, does this affect just the role, or are there some other > > settings that may unexpectedly change (e.g. search_path)? > > Here is a patch that fixes this problem by keeping track of the > current role in the AfterTriggerSharedData.
Funny enough, this problem has just surfaced on pgsql-general: https://postgr.es/m/89e33a53-909c-6a02-bfc6-2578ba974...@cloud.gatewaynet.com I take this as one more vote for this patch... Yours, Laurenz Albe
