Re: Recognizing superuser in pg_hba.conf

Поиск
Список
Период
Сортировка
От David Fetter
Тема Re: Recognizing superuser in pg_hba.conf
Дата
Msg-id 20191230192711.GP32763@fetter.org
обсуждение исходный текст
Ответ на Re: Recognizing superuser in pg_hba.conf  (Vik Fearing <vik.fearing@2ndquadrant.com>)
Список pgsql-hackers
Дерево обсуждения 
On Mon, Dec 30, 2019 at 11:56:17AM +0100, Vik Fearing wrote:
> On 29/12/2019 23:10, Vik Fearing wrote:
> > On 29/12/2019 17:31, Tom Lane wrote:
> >> Robert Haas <robertmhaas@gmail.com> writes:
> >>> On Sat, Dec 28, 2019 at 2:02 PM Vik Fearing <vik.fearing@2ndquadrant.com> wrote:
> >>>> I'm all for this (and even suggested it during the IRC conversation that
> >>>> prompted this patch). It's rife with bikeshedding, though.  My original
> >>>> proposal was to use '&' and Andrew Gierth would have used ':'.
> >>> I think this is a good proposal regardless of which character we
> >>> decide to use. My order of preference from highest-to-lowest would
> >>> probably be :*&, but maybe that's just because I'm reading this on
> >>> Sunday rather than on Tuesday.
> >> I don't have any particular objection to '&' if people prefer that.
> >
> > I wrote the patch so I got to decide. :-)  I will also volunteer to do
> > the grunt work of changing the symbol if consensus wants that, though.
> >
> >
> > It turns out that my original patch didn't really change, all the meat
> > is in the keywords patch.  The superuser patch is to be applied on top
> > of the keywords patch.
> >
> 
> I missed a few places in the tap tests.  New keywords patch attached,
> superuser patch unchanged.
> 
> -- 
> 
> Vik Fearing
> 


Patches apply cleanly to 0ce38730ac72029f3f2c95ae80b44f5b9060cbcc, and
include documentation. They could use an example of the new
capability, possibly included in the sample pg_hba.conf, e.g. 

    host    &all            &superuser      0.0.0.0/0               reject

or similar.

The feature works as described, and is useful. I have thus far been
unable to make it crash.

I haven't used intentionally hostile strings to test it, as I didn't
see those as an important attack surface. This is because by the time
someone hostile can write to pg_hba.conf, they've got all the control
they need to manipulate the entire node, including root exploits.

I've marked this as Ready for Committer.

Best,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: comment regarding double timestamps; and, infinite timestamps and NaN
Следующее
От: Pavel Stehule
Дата:
Сообщение: Re: proposal: schema variables