| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_ls_dir & friends still have a hard-coded superuser check |
| Date: | 2017-01-26 01:22:12 |
| Message-ID: | 20170126012211.GF9812@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andres,
* Andres Freund (andres(at)anarazel(dot)de) wrote:
> On 2017-01-25 18:04:09 -0500, Stephen Frost wrote:
> > Robert's made it clear that he'd like to have a blanket rule that we
> > don't have superuser checks in these code paths if they can be GRANT'd
> > at the database level, which goes beyond pg_ls_dir.
>
> That seems right to me. I don't see much benefit for the superuser()
> style checks, with a few exceptions. Granting by default is obviously
> an entirely different question.
Well, for my part at least, I disagree. Superuser is a very different
animal, imv, than privileges which can be GRANT'd, and I feel that's an
altogether good thing.
> In other words, you're trying to force people to do stuff your preferred
> way, instead of allowing them to get things done is a reasonable manner.
Apparently we disagree about what is a 'reasonable manner'.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2017-01-26 01:25:55 | Re: Checksums by default? |
| Previous Message | Stephen Frost | 2017-01-26 01:18:18 | Re: Checksums by default? |