| From: | tgl(at)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Enforce superuser permissions checks during ALTER ROLE/DATABASE |
| Date: | 2010-04-21 20:54:19 |
| Message-ID: | 20100421205419.EFACB7541D0@cvs.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather
than during define_custom_variable(). This entails rejecting an ALTER
command if the target variable doesn't have a known (non-placeholder)
definition, unless the calling user is superuser. When the variable *is*
known, we can correctly apply the rule that only superusers can issue ALTER
for SUSET parameters. This allows define_custom_variable to apply ALTER's
values for SUSET parameters at module load time, secure in the knowledge
that only a superuser could have set the ALTER value. This change fixes a
longstanding gotcha in the usage of SUSET-level custom parameters; which
is a good thing to fix now that plpgsql defines such a parameter.
Modified Files:
--------------
pgsql/doc/src/sgml/ref:
alter_role.sgml (r1.16 -> r1.17)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/alter_role.sgml?r1=1.16&r2=1.17)
pgsql/src/backend/utils/misc:
guc.c (r1.549 -> r1.550)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c?r1=1.549&r2=1.550)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-04-22 01:03:20 | Re: pgsql: Only send cleanup_info messages if VACUUM removes any tuples. |
| Previous Message | Simon Riggs | 2010-04-21 19:53:25 | pgsql: Only send cleanup_info messages if VACUUM removes any tuples. |