Julien Rouhaud <rjuju123@gmail.com> writes:
> On Sun, Jun 06, 2021 at 03:53:10PM +0900, Michael Paquier wrote:
>> It seems to me that we had better check for a superuser at the
>> beginning of the function, like in the attached.
> However +1 for the patch, as it seems more consistent to always get a
> permission failure if you're not a superuser.
Yeah, it's just weird if such a check is not the first thing
in the function. Even if you can convince yourself that the
actions taken before that don't create any security issue today,
it's not hard to imagine that innocent future code rearrangements
could break that argument. What's the value of postponing the
check anyway?
regards, tom lane