Re: [PATCH] Simplify permission checking logic in user.c

From: Andrey Borodin <x4mmm(at)yandex-team(dot)ru>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Paul Martinez <paulmtz(at)google(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] Simplify permission checking logic in user.c
Date: 2020-12-30 18:28:48
Message-ID: 2EA2837D-F9D6-4F3C-AF10-BA8744106E61@yandex-team.ru
Lists: pgsql-hackers

> On 30 Dec 2020, at 20:26, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> I'd strongly suggest that, instead, you consider proposing changes which
> would address the actual use cases you have and work with the community
> to have those included in core, which would further have the added
> property that everyone would then benefit from those improvements.

+1. Last time we asked to change something in privileges[0], we got feedback pointing to a possible vulnerability.
We fixed it in our services and reported it to, AFAIR, RDS and Aiven (with PoC exploits).

I think that sharing "various small changes to permission checks" is a really good idea.

> On 30 Dec 2020, at 20:39, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> In other words, I suspect people would be happier if we
> provided a way for non-superusers a way to create replication roles and
> bypassrls roles.

+1 again. I hope we will return to the topic soon.

Best regards, Andrey Borodin.

[0] https://www.postgresql.org/message-id/flat/1269681541151271%40myt5-68ad52a76c91.qloud-c.yandex.net
