From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Marko Kreen <marko(at)l-t(dot)ee> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org |
Subject: | Re: use GUC for cmdline |
Date: | 2001-06-21 22:23:03 |
Message-ID: | 22930.993162183@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-patches |
Marko Kreen <marko(at)l-t(dot)ee> writes:
>> No. PGC_BACKEND settings have no permission check, because users can pass
>> them in from the client with the PGOPTIONS environment variable. The fix
>> might involve a non-trivial rearrangement of the way PGOPTIONS is
>> processed (might be impossible, because PGC_BACKEND might be useless if
>> the setting will only happen after the first table access (pg_shadow)) or
>> another context level (might be too much work for one case). At the
>> moment you might want to just cheat and fix the context at PGC_POSTMASTER
>> for this particular case.
> Do you mean following?
> if (DebugLvl >= 1);
> - SetConfigOption("log_connections", tmp, ctx, true);
> + SetConfigOption("log_connections", tmp, PGC_POSTMASTER, true);
In this particular case, there is no reason for log_connections to be
restricted that I can see --- it's a pretty harmless switch. I'd
recommend downgrading its PGC restriction level to BACKEND.
BTW, *please* remove the bogus ';' on the if() line.
> if (secure)
> - SetConfigOption("fsync", "false", ctx, true);
> + SetConfigOption("fsync", "false", PGC_POSTMASTER, true);
This seems like an appropriate fix. I would recommend doing the same
with all the option switch settings that are protected with "if
(secure)". This is not a hack: essentially it says we will treat
options passed to the postmaster with -o as postmaster-time options.
Note that the above change for log_connections is shown to be wrong
by this same logic, because -d is *not* a secure switch. If you do want
to keep log_connections protected against being set by mere users,
then the appropriate coding would be
if (DebugLvl >= 1 && secure)
SetConfigOption("log_connections", tmp, PGC_POSTMASTER, true);
if (DebugLvl >= 2)
SetConfigOption("debug_print_query", tmp, ctx, true);
... etc ...
but again, I don't see a rationale for this restriction.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2001-06-21 22:23:58 | Re: [ADMIN] High memory usage [PATCH] |
Previous Message | Bruce Momjian | 2001-06-21 18:54:45 | Re: [Help] Temporary Table: Implicitely created index not shown in \d i |