pgsql: Enforce superuser permissions checks during ALTER ROLE/DATABASE

Поиск
Список
Период
Сортировка
От tgl@postgresql.org (Tom Lane)
Тема pgsql: Enforce superuser permissions checks during ALTER ROLE/DATABASE
Дата
Msg-id 20100421205419.EFACB7541D0@cvs.postgresql.org
обсуждение исходный текст
Список pgsql-committers
Дерево обсуждения 
Log Message:
-----------
Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather
than during define_custom_variable().  This entails rejecting an ALTER
command if the target variable doesn't have a known (non-placeholder)
definition, unless the calling user is superuser.  When the variable *is*
known, we can correctly apply the rule that only superusers can issue ALTER
for SUSET parameters.  This allows define_custom_variable to apply ALTER's
values for SUSET parameters at module load time, secure in the knowledge
that only a superuser could have set the ALTER value.  This change fixes a
longstanding gotcha in the usage of SUSET-level custom parameters; which
is a good thing to fix now that plpgsql defines such a parameter.

Modified Files:
--------------
    pgsql/doc/src/sgml/ref:
        alter_role.sgml (r1.16 -> r1.17)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/alter_role.sgml?r1=1.16&r2=1.17)
    pgsql/src/backend/utils/misc:
        guc.c (r1.549 -> r1.550)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c?r1=1.549&r2=1.550)

В списке pgsql-committers по дате отправления:

Предыдущее
От: sriggs@postgresql.org (Simon Riggs)
Дата:
Сообщение: pgsql: Only send cleanup_info messages if VACUUM removes any tuples.
Следующее
От: Tom Lane
Дата:
Сообщение: Re: pgsql: Only send cleanup_info messages if VACUUM removes any tuples.