James Coleman <jtc...@gmail.com> writes: > On Fri, Apr 10, 2020 at 10:12 AM James Coleman <jtc...@gmail.com> wrote: >> One thing I just noticed and had a question about: in >> preparePresortedCols (which sets up a function call context), do we >> need to call pg_proc_aclcheck?
> Background: this came up because I noticed that pg_proc_aclcheck is > called in the scalar array op case in execExpr.c. > However grepping through the source code I see several places where a > function (including an equality op for an ordering op, like the case > we have here) gets looked up without calling pg_proc_aclcheck, but > then other places where the acl check is invoked. Rule of thumb is that we don't apply ACL checks to functions/ops we get out of an opclass; adding a function to an opclass is tantamount to giving public execute permission on it. If the function/operator reference came directly from the SQL query it must be checked. > In addition, I haven't been able to discern a reason for why sometimes > InvokeFunctionExecuteHook gets called with the function after lookup, > but not others. I would not stand here and say that that hook infrastructure is worth anything at all. Maybe the coverage is sufficient for some use-cases, but who's to say? regards, tom lane