doc: warn of SECURITY DEFINER schemas for non-sql_body functions

Non-sql_body functions are evaluated at runtime. Reported-by: Erki Eessaar Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com Backpatch-through: 10
author: Bruce Momjian 2022-09-01 01:10:37 +0000
committer: Bruce Momjian 2022-09-01 01:10:37 +0000
commit: a3471ab93ac21358c80d8a87b31f7eb372d7a476 (patch)
tree: 6af57c13b4496973b309609beff26ee76e54f850 /doc/src
parent: 16417ba58e9256903fa120881aa299db0101fac5 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
index 74866e8b353..5762d973090 100644
--- a/doc/src/sgml/ref/create_function.sgml
+++ b/doc/src/sgml/ref/create_function.sgml
@@ -715,7 +715,10 @@ SELECT * FROM dup(42);
    <para>
     Because a <literal>SECURITY DEFINER</literal> function is executed
     with the privileges of the user that owns it, care is needed to
-    ensure that the function cannot be misused.  For security,
+    ensure that the function cannot be misused.  This is particularly
+    important for non-<replaceable>sql_body</replaceable> functions because
+    their function bodies are evaluated at run-time, not creation time.
+    For security,
     <xref linkend="guc-search-path"/> should be set to exclude any schemas
     writable by untrusted users.  This prevents
     malicious users from creating objects (e.g., tables, functions, and
author	Bruce Momjian	2022-09-01 01:10:37 +0000
committer	Bruce Momjian	2022-09-01 01:10:37 +0000
commit	a3471ab93ac21358c80d8a87b31f7eb372d7a476 (patch)
tree	6af57c13b4496973b309609beff26ee76e54f850 /doc/src
parent	16417ba58e9256903fa120881aa299db0101fac5 (diff)