Re: Allowing to create LEAKPROOF functions to non-superuser

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrey Borodin <x4mmm(at)yandex-team(dot)ru>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allowing to create LEAKPROOF functions to non-superuser
Date: 2021-04-12 20:37:01
Message-ID: 3043049.1618259821@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Andrey Borodin <x4mmm(at)yandex-team(dot)ru> writes:
> Currently only superuser is allowed to create LEAKPROOF functions because leakproof functions can see tuples which have not yet been filtered out by security barrier views or row level security policies.

Yeah.

> But managed cloud services typically do not provide superuser roles.

This is not a good argument for relaxing superuser requirements.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2021-04-12 20:40:46 Re: PANIC: wrong buffer passed to visibilitymap_clear
Previous Message Andrey Borodin 2021-04-12 20:31:30 Allowing to create LEAKPROOF functions to non-superuser