Discussion: Doc typo?
While translating the manual into Japanese, I had a hard time to
parse following sentence in func.sgml:
Note that granting users the EXECUTE privilege on the
<function>pg_read_file()</function>, or related, functions allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
It seems there's an extra comma between "related" and "functions". Am I correct?
Patch attached.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index b3336ea9be..aa0c4cc89d 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -20399,7 +20399,7 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
<para>
Note that granting users the EXECUTE privilege on the
- <function>pg_read_file()</function>, or related, functions allows them the
+ <function>pg_read_file()</function>, or related functions allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks. This means that,
among other things, a user with this access is able to read the contents of the
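Review bot: In the changed line, removing the comma after "related" leaves the aside "or related functions" opened by a comma but never closed, so "functions allows" still parses awkwardly, and the article in "on the" at the end of the preceding context line is left in front of the function name. Suggest moving the comma rather than deleting it and dropping "the", so the two lines read: "Note that granting users the EXECUTE privilege on" / "<function>pg_read_file()</function>, or related functions, allows them the".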
Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> While translating the manual into Japanese, I had a hard time to
> parse following sentence in func.sgml:
> Note that granting users the EXECUTE privilege on the
> <function>pg_read_file()</function>, or related, functions allows them the
> ability to read any file on the server which the database can read and
> that those reads bypass all in-database privilege checks.
> It seems there's an extra comma between "related" and "functions". Am I correct?
I'd move the comma not remove it; and I think "the pg_read_file()" is
pretty bad English too. So perhaps
Note that granting users the EXECUTE privilege on
<function>pg_read_file()</function>, or related functions, allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
regards, tom lane
On Tue, Dec 18, 2018 at 06:16:14PM -0500, Tom Lane wrote:
> Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> > While translating the manual into Japanese, I had a hard time to
> > parse following sentence in func.sgml:
>
> > Note that granting users the EXECUTE privilege on the
> > <function>pg_read_file()</function>, or related, functions allows them the
> > ability to read any file on the server which the database can read and
> > that those reads bypass all in-database privilege checks.
>
> > It seems there's an extra comma between "related" and "functions". Am I correct?
>
> I'd move the comma not remove it; and I think "the pg_read_file()" is
> pretty bad English too. So perhaps
>
> Note that granting users the EXECUTE privilege on
> <function>pg_read_file()</function>, or related functions, allows them the
> ability to read any file on the server which the database can read and
> that those reads bypass all in-database privilege checks.
Maintaining parallelism:
Note that granting users the EXECUTE privilege on
<function>pg_read_file()</function>, or on related functions, allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
Is there a useful distinction to be drawn between the files readable
by the system user who owns the database and those the database itself
can read?
Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
David Fetter <david@fetter.org> writes:
> Is there a useful distinction to be drawn between the files readable
> by the system user who owns the database and those the database itself
> can read?
Probably not. It's possible to create such a distinction with SELinux
or other security tools, but not in plain Unix, and I don't think we
want to wade into non-standard stuff.
regards, tom lane
>> It seems there's an extra comma between "related" and "functions". Am I correct?
>
> I'd move the comma not remove it; and I think "the pg_read_file()" is
> pretty bad English too. So perhaps
>
> Note that granting users the EXECUTE privilege on
> <function>pg_read_file()</function>, or related functions, allows them the
> ability to read any file on the server which the database can read and
> that those reads bypass all in-database privilege checks.
Thanks. I will commit this.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
>> I'd move the comma not remove it; and I think "the pg_read_file()" is
>> pretty bad English too. So perhaps
>>
>> Note that granting users the EXECUTE privilege on
>> <function>pg_read_file()</function>, or related functions, allows them the
>> ability to read any file on the server which the database can read and
>> that those reads bypass all in-database privilege checks.
>
> Thanks. I will commit this.
Done.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
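The documentation sentence discussed in this thread says that EXECUTE on pg_read_file() or related functions lets a role read any file the server can read, outside in-database privilege checks. The following audit queries are an added example, not part of the thread or of the PostgreSQL documentation; the list of "related" functions (pg_read_binary_file, pg_ls_dir, pg_stat_file) and the role name in the commented REVOKE are assumptions chosen for illustration.

```sql
-- 1. Effective access: every non-superuser role that can currently execute
--    a server-side file access function. has_function_privilege() already
--    accounts for grants to PUBLIC and for inherited role membership.
--    Superusers are excluded because they pass every privilege check.
SELECT r.rolname               AS role_name,
       p.oid::regprocedure     AS function_signature
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
CROSS JOIN pg_roles r
WHERE n.nspname = 'pg_catalog'
  AND p.proname IN ('pg_read_file', 'pg_read_binary_file',
                    'pg_ls_dir', 'pg_stat_file')   -- assumed "related" set
  AND NOT r.rolsuper
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER BY role_name, function_signature;

-- 2. Direct grants: who was explicitly granted EXECUTE, and by whom.
--    This is the list to work from when revoking. Grantee OID 0 is PUBLIC.
SELECT p.oid::regprocedure                         AS function_signature,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'
            ELSE pg_get_userbyid(a.grantee) END    AS grantee,
       pg_get_userbyid(a.grantor)                  AS grantor,
       a.is_grantable
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
CROSS JOIN LATERAL aclexplode(p.proacl) AS a
WHERE n.nspname = 'pg_catalog'
  AND p.proname IN ('pg_read_file', 'pg_read_binary_file',
                    'pg_ls_dir', 'pg_stat_file')
  AND a.privilege_type = 'EXECUTE'
ORDER BY function_signature, grantee;

-- 3. Removing an unwanted grant found by query 2.
--    "reporting_role" is a hypothetical role name; repeat for each overload.
-- REVOKE EXECUTE ON FUNCTION pg_read_file(text) FROM reporting_role;
```

Function privileges are stored per database, so run the queries in each database of the cluster.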