Commit0551483

committed

Document security implications of check_function_bodies.

Back-patch to 8.4 (all supported versions).

1 parentc0ac4c7 commit0551483Copy full SHA for 0551483

File tree

+12

-8

lines changed

+12

-8

lines changed

Lines changed: 5 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -4407,9 +4407,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;`
`4407`	`4407`	`<para>`
`4408`	`4408`	`This parameter is normally on. When set to <literal>off</>, it`
`4409`	`4409`	`disables validation of the function body string during <xref`
`4410`		`- linkend="sql-createfunction">. Disabling validation is`
`4411`		`- occasionally useful to avoid problems such as forward references`
`4412`		`- when restoring function definitions from a dump.`
	`4410`	`+ linkend="sql-createfunction">. Disabling validation avoids side`
	`4411`	`+ effects of the validation process and avoids false positives due`
	`4412`	`+ to problems such as forward references. Set this parameter`
	`4413`	`+ to <literal>off</> before loading functions on behalf of other`
	`4414`	`+ users; <application>pg_dump</> does so automatically.`
`4413`	`4415`	`</para>`
`4414`	`4416`	`</listitem>`
`4415`	`4417`	`</varlistentry>`

Lines changed: 7 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -195,11 +195,13 @@ CREATE LANGUAGE plsample`
`195`	`195`	`<para>`
`196`	`196`	`Validator functions should typically honor the <xref`
`197`	`197`	`linkend="guc-check-function-bodies"> parameter: if it is turned off then`
`198`		`- any expensive or context-sensitive checking should be skipped.`
`199`		`- In particular, this parameter is turned off by <application>pg_dump</>`
`200`		`- so that it can load procedural language functions without worrying`
`201`		`- about possible dependencies of the function bodies on other database`
`202`		`- objects. (Because of this requirement, the call handler should avoid`
	`198`	`+ any expensive or context-sensitive checking should be skipped. If the`
	`199`	`+ language provides for code execution at compilation time, the validator`
	`200`	`+ must suppress checks that would induce such execution. In particular,`
	`201`	`+ this parameter is turned off by <application>pg_dump</> so that it can`
	`202`	`+ load procedural language functions without worrying about side effects or`
	`203`	`+ dependencies of the function bodies on other database objects.`
	`204`	`+ (Because of this requirement, the call handler should avoid`
`203`	`205`	`assuming that the validator has fully checked the function. The point`
`204`	`206`	`of having a validator is not to let the call handler omit checks, but`
`205`	`207`	`to notify the user immediately if there are obvious errors in a`

Comments

(0)