pgsql: Use GRANT system to manage access to sensitive functions

Поиск
Список
Период
Сортировка
От Stephen Frost
Тема pgsql: Use GRANT system to manage access to sensitive functions
Дата
Msg-id E1anz15-0007q0-Da@gemulon.postgresql.org
обсуждение исходный текст
Ответы Re: pgsql: Use GRANT system to manage access to sensitive functions  (Michael Paquier <michael.paquier@gmail.com>)
Re: pgsql: Use GRANT system to manage access to sensitive functions  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: pgsql: Use GRANT system to manage access to sensitive functions  (Fujii Masao <masao.fujii@gmail.com>)
Список pgsql-committers
Дерево обсуждения 
Use GRANT system to manage access to sensitive functions

Now that pg_dump will properly dump out any ACL changes made to
functions which exist in pg_catalog, switch to using the GRANT system
to manage access to those functions.

This means removing 'if (!superuser()) ereport()' checks from the
functions themselves and then REVOKEing EXECUTE right from 'public' for
these functions in system_views.sql.

Reviews by Alexander Korotkov, Jose Luis Tallon

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/1574783b4ced0356fbc626af1a1a469faa6b41e1

Modified Files
--------------
doc/src/sgml/backup.sgml               |  8 +++--
doc/src/sgml/func.sgml                 | 19 ++++++------
doc/src/sgml/monitoring.sgml           | 12 +++++---
src/backend/access/transam/xlogfuncs.c | 56 +++++++++++++---------------------
src/backend/catalog/system_views.sql   | 21 +++++++++++++
src/backend/postmaster/pgstat.c        | 24 ++++++---------
src/backend/utils/adt/misc.c           | 16 ++++------
7 files changed, 81 insertions(+), 75 deletions(-)

В списке pgsql-committers по дате отправления:

Предыдущее
От: Stephen Frost
Дата:
Сообщение: pgsql: In pg_dump, include pg_catalog and extension ACLs, if changed
Следующее
От: Stephen Frost
Дата:
Сообщение: pgsql: In pg_dump, split "dump" into "dump" and "dump_contains"