Quick Links

Re: pg_parameter_aclcheck() and trusted extensions

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: pg_parameter_aclcheck() and trusted extensions
Date:	2022-07-07 01:04:18
Message-ID:	YsYxEtX8zOYKf3Ru@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Wed, Jul 06, 2022 at 03:47:27PM -0700, Nathan Bossart wrote:
> I think the call to superuser_arg() in pg_parameter_aclmask() is causing
> set_config_option() to bypass the normal privilege checks, as
> execute_extension_script() will have set the user ID to the bootstrap
> superuser for trusted extensions like plperl. I don't have a patch or a
> proposal at the moment, but I thought it was worth starting the discussion.

Looks like a bug to me, so I have added an open item assigned to Tom.
--
Michael

In response to

pg_parameter_aclcheck() and trusted extensions at 2022-07-06 22:47:27 from Nathan Bossart

Responses

Re: pg_parameter_aclcheck() and trusted extensions at 2022-07-07 16:41:00 from Tom Lane
Re: pg_parameter_aclcheck() and trusted extensions at 2022-07-07 16:49:21 from Nathan Bossart

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Michael Paquier	2022-07-07 01:24:40	Re: Fix unnecessary includes and comments in 019_replslot_limit.pl, 007_wal.pl and 004_timeline_switch.pl
Previous Message	Michael Paquier	2022-07-07 00:54:24	Re: defGetBoolean - Fix comment