| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Piotr Stefaniak <postgres(at)piotr-stefaniak(dot)me>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Warnings around booleans |
| Date: | 2015-08-21 18:10:57 |
| Message-ID: | 28076.1440180657@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> On Friday, August 21, 2015, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> It is not really acceptable to leave roles hanging around after "make
>> installcheck"; that would be a security hazard for the installation.
>> Please drop them.
> The only ones which were left were intentionally all NOLOGIN to address
> that concern, which I had considered. Is there another issue with them
> beyond potential login that I'm missing?
NOLOGIN addresses the most obvious abuse potential, but it hardly seems
like the only risk. And we have never yet intended the main regression
tests to serve as a testbed for "pg_dumpall -g". A bugfix commit is
not the place to start changing that policy.
(If you want to have some testing in this area, perhaps adding roles
during the pg_upgrade test would be a safer place to do it.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-08-21 18:28:48 | Re: More WITH |
| Previous Message | Robert Haas | 2015-08-21 18:08:36 | Re: Reduce ProcArrayLock contention |