Quick Links

Re: let's make the list of reportable GUCs configurable (was Re: Add %r substitution for psql prompts to show recovery status)

From:	Robert Haas <robertmhaas(at)gmail(dot)com>
To:	Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc:	Craig Ringer <craig(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dave Cramer <pg(at)fastcrypt(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>, Ian Barwick <ian(dot)barwick(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: let's make the list of reportable GUCs configurable (was Re: Add %r substitution for psql prompts to show recovery status)
Date:	2019-11-06 16:08:51
Message-ID:	CA+TgmoYNNW47+V-jMHBJ8Wt+zP41v6uoOtFy25Mkf9P5vZ5dsg@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Tue, Nov 5, 2019 at 10:02 AM Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> wrote:
> There's a reason the SQL standard defines SET SESSION AUTHORIZATION but
> no RESET SESSION AUTHORIZATION: once you enter a security context, you
> cannot escape it. ISTM that essentially we broke feature F321 "User
> authorization" by adding RESET into the mix. (I think RESET ROLE breaks
> the spirit of feature T331 too.) The SQL:2016 standard describes how
> this is supposed to work in Foundation "4.40.1.1 SQL-session
> authorization identifiers" (same section is numbered 4.35.1.1 in
> SQL:2011), and ISTM we made a huge mess of it.
>
> I don't see how to fix it, though. If we were to adopt the standard's
> mechanism, we'd probably break tons of existing code.

It wouldn't be difficult to introduce a new protocol-level option that
prohibits RESET SESSION AUTHORIZATION; and it would also be possible
to introduce a new protocol message that has the same effect as RESET
SESSION AUTHORIZATION. If you do those two things, then it's possible
to create a sandbox which the end client cannot escape but which the
pooler can escape easily.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Re: let's make the list of reportable GUCs configurable (was Re: Add %r substitution for psql prompts to show recovery status) at 2019-11-05 15:02:31 from Alvaro Herrera

Responses

Re: let's make the list of reportable GUCs configurable (was Re: Add %r substitution for psql prompts to show recovery status) at 2019-12-29 13:35:32 from Dave Cramer

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Robert Haas	2019-11-06 16:14:10	Re: v12 and pg_restore -f-
Previous Message	Konstantin Knizhnik	2019-11-06 16:08:12	Re: [Proposal] Global temporary tables