Re: I propose killing PL/Tcl's "modules" infrastructure

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Jan Wieck <jan(at)wi3ck(dot)info>
Subject: Re: I propose killing PL/Tcl's "modules" infrastructure
Date: 2017-02-27 12:48:13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Mon, Feb 27, 2017 at 1:24 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> * I'm not terribly comfortable about what the permissions levels of the
>> GUCs ought to be. ... Maybe we'd better make them both SUSET.

> Making them SUSET sounds like a usability fail to me. I'm not sure
> how bad the security risks of NOT making them SUSET are, but I think
> if we find that SUSET is required for safety then we've squeezed most
> of the value out of the feature.

Well, the feature it's replacing (autoload an "unknown" module) had to be
squeezed down to being effectively superuser-only, so we're not really
losing anything compared to where we are now. And the more I think about
it, the less I think we can introduce a new security-critical GUC and just
leave it as USERSET.

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Dagfinn Ilmari =?utf-8?Q?Manns=C3=A5ker?= 2017-02-27 13:35:32 Re: [PATCH] Add GUCs for predicate lock promotion thresholds
Previous Message Andres Freund 2017-02-27 12:02:00 Re: PATCH: two slab-like memory allocators