| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Use GRANT system to manage access to sensitive functions |
| Date: | 2016-04-07 01:45:51 |
| Message-ID: | E1anz15-0007q0-Da@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Use GRANT system to manage access to sensitive functions
Now that pg_dump will properly dump out any ACL changes made to
functions which exist in pg_catalog, switch to using the GRANT system
to manage access to those functions.
This means removing 'if (!superuser()) ereport()' checks from the
functions themselves and then REVOKEing EXECUTE right from 'public' for
these functions in system_views.sql.
Reviews by Alexander Korotkov, Jose Luis Tallon
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/1574783b4ced0356fbc626af1a1a469faa6b41e1
Modified Files
--------------
doc/src/sgml/backup.sgml | 8 +++--
doc/src/sgml/func.sgml | 19 ++++++------
doc/src/sgml/monitoring.sgml | 12 +++++---
src/backend/access/transam/xlogfuncs.c | 56 +++++++++++++---------------------
src/backend/catalog/system_views.sql | 21 +++++++++++++
src/backend/postmaster/pgstat.c | 24 ++++++---------
src/backend/utils/adt/misc.c | 16 ++++------
7 files changed, 81 insertions(+), 75 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2016-04-07 01:59:43 | Re: pgsql: Use GRANT system to manage access to sensitive functions |
| Previous Message | Magnus Hagander | 2016-04-06 16:41:46 | Re: pgsql: Implement backup API functions for non-exclusive backups |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2016-04-07 01:58:50 | Re: Move PinBuffer and UnpinBuffer to atomics |
| Previous Message | David Rowley | 2016-04-07 01:07:32 | Re: Performance improvement for joins where outer side is unique |