Re: untrusted PLs should be GRANTable

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Craig Ringer <craig(at)2ndquadrant(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: untrusted PLs should be GRANTable
Date: 2018-07-19 00:23:20
Message-ID: 20180719002320.GA27724@tamriel.snowman.net
Lists: pgsql-hackers

Greetings,

* Craig Ringer (craig(at)2ndquadrant(dot)com) wrote:
> Untrusted PLs should be GRANTable with a NOTICE or WARNING telling the
> admin that GRANTing an untrusted PL effectively gives the user the ability
> to escape to superuser.

I don't know that we really want to get into the business of issuing a
NOTICE or WARNING in such cases. We don't do that in a lot of other
cases where non-superusers can be GRANT'd access which would allow them
to become a superuser and if we start doing it now then we're going to
need to go back and change the existing places to have such NOTICE or
WARNING, or we'll be inconsistent about it, which would be worse. I
also worry that we'd start wanting to have NOTICEs for when we are
allowing users to GRANT roles (like pg_monitor) that might get access to
data that isn't obvious, even if they aren't able to become a superuser
and it just gets ugly.

Thanks!

Stephen
