Tom Lane wrote:
> The underlying C-level get_raw_page function is still there, but
> it now expects three arguments not two, and will crash if it's
> passed an int4 where it's expecting a text argument. But the old
> function definition will migrate without error --- there's no way
> for pg_migrator to realize it's installing a security hazard.
FYI, there is nothing pg_migrator specific here. Someone doing a
dump/reload from 8.3 to 8.4 would have the same security issue.
pg_migrator is using the same pg_dump output as a dump restore, except
it uses --schema. pg_migrator would actually be more secure because it
will exit on the restore error rather than having the error possibly
ignored by the user.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +