| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Tomas Vondra <tv(at)fuzzy(dot)cz> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: system administration functions with hardcoded superuser checks |
| Date: | 2012-12-20 00:14:52 |
| Message-ID: | 25579.1355962492@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tomas Vondra <tv(at)fuzzy(dot)cz> writes:
> On 19.12.2012 07:34, Magnus Hagander wrote:
>> Granting executability on pg_read_xyz is pretty darn close to granting
>> superuser, without explicitly asking for it. Well, you get "read only
>> superuser". If we want to make that step as easy as just GRANT, we
>> really need to write some *very* strong warnings in the documentation
>> so that people realize this. I doubt most people will realize it
>> unless we do that (and those who don't read the docs, whch is probably
>> a majority, never will).
> Yup, that's what I meant by possibility to perform "additional parameter
> values checks" ;-)
Yeah, which is easily done if you've written a wrapper function and not
so easily otherwise. Between that and the point about how pg_dump
wouldn't preserve GRANTs done directly on system functions, I think this
proposal isn't going anywhere anytime soon.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Farina | 2012-12-20 00:18:40 | Re: Cascading replication: should we detect/prevent cycles? |
| Previous Message | Pavan Deolasee | 2012-12-20 00:10:18 | Re: Set visibility map bit after HOT prune |