| From: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allowing to create LEAKPROOF functions to non-superuser |
| Date: | 2021-04-12 21:10:35 |
| Message-ID: | 598AC0FB-8D12-41D3-B0AA-ABF9FAF18451@yandex-team.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> 13 апр. 2021 г., в 00:01, Andres Freund <andres(at)anarazel(dot)de> написал(а):
>
> Hi,
>
> On 2021-04-12 23:51:02 +0300, Andrey Borodin wrote:
>> Do I risk having some extra superusers in my installation if I allow
>> everyone to create LEAKPROOF functions?
>
> I think that depends on what you define "superuser" to exactly
> be. Defining it as "has a path to executing arbitrary native code", I
> don't think, if implemented sensibly, allowing to set LEAKPROOF on new
> functions would equate superuser permissions.
Thanks!
> But you soon after might
> hit further limitations where lifting them would have such a risk,
> e.g. defining new types with in/out functions.
I think, real extensibility of a managed DB service is a very distant challenge.
Currently we just allow-list extensions.
Best regards, Andrey Borodin.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-04-12 21:14:20 | Re: Allowing to create LEAKPROOF functions to non-superuser |
| Previous Message | Andres Freund | 2021-04-12 21:01:47 | Re: Allowing to create LEAKPROOF functions to non-superuser |