čt 5. 6. 2025 v 12:49 odesílatel Peter Eisentraut <pe...@eisentraut.org> napsal:
> On 23.05.25 10:43, Feike Steenbergen wrote: > > Attached is a sample exploit, that achieves this, key components: > > > > - the GENERATED column uses a user defined immutable function > > - this immutable function cannot ALTER ROLE (needs volatile) > > - therefore this immutable function calls a volatile function > > - the volatile function can contain any security exploit > > I propose to address this by not allowing the use of user-defined > functions in generation expressions for now. The attached patch > implements this. This assumes that all built-in functions are > trustworthy, for this purpose, which seems likely true and likely > desirable. > > I think the feature is still useful like that, and this approach > provides a path to add new functionality in the future that grows this > set of allowed functions, for example by allowing some configurable set > of "trusted" functions or whatever. > +1 Regards Pavel
