From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: pg_parameter_aclcheck() and trusted extensions |
Date: | 2022-07-07 18:40:01 |
Message-ID: | 20220707184001.GA2255643@nathanxps13 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Jul 07, 2022 at 12:41:00PM -0400, Tom Lane wrote:
> Yeah. So the fix here seems pretty obvious: rather than applying the
> permissions check using bare GetUserId(), we need to remember the role
> OID that originally applied the setting, and use that.
Please ignore my previous message. This makes sense.
> The problem with this sketch is that
>
> (1) we need an OID field in struct config_generic, as well as GucStack,
> which means an ABI break for any extensions that look directly at GUC
> records. There probably aren't many, but ...
>
> (2) we need an additional parameter to set_config_option, which
> again is a compatibility break for anything calling that directly.
> There surely are such callers --- our own extensions do it.
>
> Can we get away with doing these things in beta3? We could avoid
> breaking (2) in the v15 branch by making set_config_option into
> a wrapper around set_config_option_ext, or something like that;
> but the problem with struct config_generic seems inescapable.
> (Putting the new field at the end would solve nothing, since
> config_generic is embedded into larger structs.)
>
> The alternative to API/ABI breaks seems to be to revert the
> feature, which would be sad.
I personally lean more towards the compatibility break than reverting the
feature. There are still a couple of months before 15.0, and I suspect it
won't be too difficult to fix any extensions that break because of this.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
From | Date | Subject | |
---|---|---|---|
Next Message | Justin Pryzby | 2022-07-07 18:44:10 | Re: pg15b2: large objects lost on upgrade |
Previous Message | Robert Haas | 2022-07-07 18:38:44 | Re: pg15b2: large objects lost on upgrade |