Re: pg_parameter_aclcheck() and trusted extensions

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: pg_parameter_aclcheck() and trusted extensions
Дата
Msg-id YsYxEtX8zOYKf3Ru@paquier.xyz
обсуждение исходный текст
Ответ на pg_parameter_aclcheck() and trusted extensions  (Nathan Bossart <nathandbossart@gmail.com>)
Ответы Re: pg_parameter_aclcheck() and trusted extensions  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: pg_parameter_aclcheck() and trusted extensions  (Nathan Bossart <nathandbossart@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 
On Wed, Jul 06, 2022 at 03:47:27PM -0700, Nathan Bossart wrote:
> I think the call to superuser_arg() in pg_parameter_aclmask() is causing
> set_config_option() to bypass the normal privilege checks, as
> execute_extension_script() will have set the user ID to the bootstrap
> superuser for trusted extensions like plperl.  I don't have a patch or a
> proposal at the moment, but I thought it was worth starting the discussion.

Looks like a bug to me, so I have added an open item assigned to Tom.
--
Michael
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Michael Paquier
Дата:
Сообщение: Re: defGetBoolean - Fix comment
Следующее
От: Michael Paquier
Дата:
Сообщение: Re: Fix unnecessary includes and comments in 019_replslot_limit.pl, 007_wal.pl and 004_timeline_switch.pl