From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Andres Freund <andres(at)anarazel(dot)de> |
Cc: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Non-superuser subscription owners |
Date: | 2023-02-07 21:56:55 |
Message-ID: | CA+TgmoaXk+cZ72L42iRV+_yz9vLoL=--6GftqJAX4gW6zyyWzQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Feb 1, 2023 at 4:02 PM Andres Freund <andres(at)anarazel(dot)de> wrote:
> On 2023-01-30 15:32:34 -0500, Robert Haas wrote:
> > I had a long think about what to do with ALTER SUBSCRIPTION ... OWNER
> > TO in terms of permissions checks.
>
> As long as owner and run-as are the same, I think it's strongly
> preferrable to *not* require pg_create_subscription.
OK.
> > Another question around ALTER SUBSCRIPTION ... OWNER TO and also ALTER
> > SUBSCRIPTION .. RENAME is whether they ought to fail if you're not a
> > superuser and password_required false is set.
>
> I don't really see a benefit in allowing it, so I'm inclined to go for
> the more restrictive option. But this is a really weakly held opinion.
I went back and forth on this and ended up with what you propose here.
It's simpler to explain this way.
> > + /* Is the use of a password mandatory? */
> > + must_use_password = MySubscription->passwordrequired &&
> > + !superuser_arg(MySubscription->owner);
>
> There's a few repetitions of this - perhaps worth putting into a helper?
I don't think so. It's slightly different each time, because it's
pulling data out of different data structures.
> This still leaks the connection on error, no?
I've attempted to fix this in v4, attached.
--
Robert Haas
EDB: http://www.enterprisedb.com
Attachment | Content-Type | Size |
---|---|---|
v4-0001-Add-new-predefined-role-pg_create_subscriptions.patch | application/octet-stream | 37.2 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tomas Vondra | 2023-02-07 22:28:33 | Re: daitch_mokotoff module |
Previous Message | Thomas Munro | 2023-02-07 21:51:08 | Re: Too coarse predicate locks granularity for B+ tree indexes |