Re: use GUC for cmdline

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Marko Kreen <marko(at)l-t(dot)ee>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org
Subject: Re: use GUC for cmdline
Date: 2001-06-21 22:23:03
Message-ID: 22930.993162183@sss.pgh.pa.us
Lists: pgsql-patches

Marko Kreen <marko(at)l-t(dot)ee> writes:
>> No. PGC_BACKEND settings have no permission check, because users can pass
>> them in from the client with the PGOPTIONS environment variable. The fix
>> might involve a non-trivial rearrangement of the way PGOPTIONS is
>> processed (might be impossible, because PGC_BACKEND might be useless if
>> the setting will only happen after the first table access (pg_shadow)) or
>> another context level (might be too much work for one case). At the
>> moment you might want to just cheat and fix the context at PGC_POSTMASTER
>> for this particular case.

> Do you mean the following?

> if (DebugLvl >= 1);
> - SetConfigOption("log_connections", tmp, ctx, true);
> + SetConfigOption("log_connections", tmp, PGC_POSTMASTER, true);
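
Review bot: the context line "if (DebugLvl >= 1);" ends in a semicolon, so the if has an empty body and the SetConfigOption call under it runs whatever DebugLvl is; drop the ";". The added line also passes PGC_POSTMASTER while the visible condition does not test "secure", so nothing in this hunk limits who can reach the call; either add "&& secure" to the condition or keep passing ctx.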

In this particular case, there is no reason for log_connections to be
restricted that I can see --- it's a pretty harmless switch. I'd
recommend downgrading its PGC restriction level to BACKEND.

BTW, *please* remove the bogus ';' on the if() line.

> if (secure)
> - SetConfigOption("fsync", "false", ctx, true);
> + SetConfigOption("fsync", "false", PGC_POSTMASTER, true);
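
Review bot: the added line swaps ctx for a hard-coded PGC_POSTMASTER and nothing in the hunk says why that is safe. A short comment above "if (secure)" stating that settings guarded by it are applied with postmaster context would make the intent reviewable, and any other SetConfigOption call sitting under an "if (secure)" test should get the same treatment so the guarded settings stay consistent.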

This seems like an appropriate fix. I would recommend doing the same
with all the option switch settings that are protected with "if
(secure)". This is not a hack: essentially it says we will treat
options passed to the postmaster with -o as postmaster-time options.

Note that the above change for log_connections is shown to be wrong
by this same logic, because -d is *not* a secure switch. If you do want
to keep log_connections protected against being set by mere users,
then the appropriate coding would be

    if (DebugLvl >= 1 && secure)
        SetConfigOption("log_connections", tmp, PGC_POSTMASTER, true);
    if (DebugLvl >= 2)
        SetConfigOption("debug_print_query", tmp, ctx, true);
    ... etc ...

but again, I don't see a rationale for this restriction.

regards, tom lane
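
The context check and the role of the "secure" test discussed in this message, as an added C sketch that is not part of the original e-mail and is not PostgreSQL source. PGC_POSTMASTER, PGC_BACKEND, "secure" and the option names come from the thread; the table, the function names and the restricted level given to log_connections are assumptions made for the model.

```c
/* Added illustration: a simplified model, not PostgreSQL source. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { PGC_POSTMASTER, PGC_BACKEND } GucCtx; /* smaller = more privileged */

struct opt { const char *name; GucCtx required; bool value; };

static struct opt opts[] = {
    { "fsync",           PGC_POSTMASTER, true  },
    /* Assumption: modelled at a restricted level (hypothetical table). */
    { "log_connections", PGC_POSTMASTER, false },
};

/* Apply a setting only if the caller's context is privileged enough. */
static bool set_option(const char *name, bool value, GucCtx caller)
{
    for (size_t i = 0; i < sizeof opts / sizeof opts[0]; i++) {
        if (strcmp(opts[i].name, name) != 0)
            continue;
        if (caller > opts[i].required)
            return false;               /* permission check fails */
        opts[i].value = value;
        return true;
    }
    return false;                       /* unknown option */
}

/* fsync switch: honoured only when secure, then treated as postmaster-time. */
static bool fsync_switch(bool secure)
{
    return secure && set_option("fsync", false, PGC_POSTMASTER);
}

/* Debug switch (not a secure switch). guard == false models the unguarded
 * PGC_POSTMASTER call; guard == true also requires secure. */
static bool debug_switch(int level, bool secure, bool guard)
{
    if (level >= 1 && (secure || !guard))
        return set_option("log_connections", true, PGC_POSTMASTER);
    return false;
}

int main(void)
{
    printf("client fsync: %d, debug unguarded: %d, debug guarded: %d\n",
           fsync_switch(false), debug_switch(1, false, false), debug_switch(1, false, true));
    return 0;
}
```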
