allowing privileges on untrusted languages

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: allowing privileges on untrusted languages
Date: 2013-01-11 12:00:27
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Here is a proposed patch for the issue discussed in

I'd propose getting rid of lanplistrusted, at least for access
checking. Instead, just don't install USAGE privileges by
default for those languages.

The reason is that there is value in having a role that can
schemas, possibly containing functions in untrusted languages,
without having to be a full superuser. Just like you can have a
user that can create roles without being a superuser.

It turned out that actually getting rid of lanpltrusted would be too
invasive, especially because some language handlers use it to determine
their own behavior.

So instead the lanpltrusted attribute now just determined what the
default privileges of the language are, and all the checks the require
superuserness to do anything with untrusted languages are removed.

Attachment Content-Type Size
pg-lanpltrusted.patch text/x-patch 6.2 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2013-01-11 12:30:27 Re: Performance Improvement by reducing WAL for Update Operation
Previous Message Pavel Stehule 2013-01-11 11:04:35 bugfix: --echo-hidden is not supported by \sf statements