Skip site navigation (1) Skip section navigation (2)

Re: use GUC for cmdline

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Marko Kreen <marko(at)l-t(dot)ee>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org
Subject: Re: use GUC for cmdline
Date: 2001-06-21 22:23:03
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
Marko Kreen <marko(at)l-t(dot)ee> writes:
>> No.  PGC_BACKEND settings have no permission check, because users can pass
>> them in from the client with the PGOPTIONS environment variable.  The fix
>> might involve a non-trivial rearrangement of the way PGOPTIONS is
>> processed (might be impossible, because PGC_BACKEND might be useless if
>> the setting will only happen after the first table access (pg_shadow)) or
>> another context level (might be too much work for one case).  At the
>> moment you might want to just cheat and fix the context at PGC_POSTMASTER
>> for this particular case.

> Do you mean following?

>  				if (DebugLvl >= 1);
> -				SetConfigOption("log_connections", tmp, ctx, true);
> +				SetConfigOption("log_connections", tmp, PGC_POSTMASTER, true);

In this particular case, there is no reason for log_connections to be
restricted that I can see --- it's a pretty harmless switch.  I'd
recommend downgrading its PGC restriction level to BACKEND.

BTW, *please* remove the bogus ';' on the if() line.

>  				if (secure)
> -					SetConfigOption("fsync", "false", ctx, true);
> +					SetConfigOption("fsync", "false", PGC_POSTMASTER, true);

This seems like an appropriate fix.  I would recommend doing the same
with all the option switch settings that are protected with "if
(secure)".  This is not a hack: essentially it says we will treat
options passed to the postmaster with -o as postmaster-time options.

Note that the above change for log_connections is shown to be wrong
by this same logic, because -d is *not* a secure switch.  If you do want
to keep log_connections protected against being set by mere users,
then the appropriate coding would be

	if (DebugLvl >= 1 && secure)
		SetConfigOption("log_connections", tmp, PGC_POSTMASTER, true);
	if (DebugLvl >= 2)
		SetConfigOption("debug_print_query", tmp, ctx, true);
	... etc ...

but again, I don't see a rationale for this restriction.

			regards, tom lane

In response to


pgsql-patches by date

Next:From: Bruce MomjianDate: 2001-06-21 22:23:58
Subject: Re: [ADMIN] High memory usage [PATCH]
Previous:From: Bruce MomjianDate: 2001-06-21 18:54:45
Subject: Re: [Help] Temporary Table: Implicitely created index not shown in \d i

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group