From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pgsql: Add new GUC createrole_self_grant. |
Date: | 2023-01-16 15:49:34 |
Message-ID: | CA+TgmoY8XUmXrPJ-znBxn9p68aXokYrSKZToV5AJ7cseGVV-tA@mail.gmail.com |
Lists: | pgsql-committers pgsql-hackers |
On Mon, Jan 16, 2023 at 10:33 AM David G. Johnston
<david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> I’m moving on as well. Go with what you have. I have my personal understanding clarified at this point. If the docs need more work people will ask questions to help guide such work.

Yeah, I hope so.

It's becoming increasingly clear to me that we haven't put enough
effort into clarifying what I will broadly call "trust issues" in the
documentation. It's bad if you call untrusted code that runs as you,
and it's bad if code that runs as you gets called by untrusted people
for whose antics you are not sufficiently prepared, and there are a
lot of ways those things can happen: direct function calls,
operators, triggers, row-level security, views, index or materialized
view rebuilds, etc. I think it would be good to have a general
treatment of those issues in the documentation written by a
security-conscious hacker or hackers who are really familiar both with
the behavior of the system and also able to make the security
consequences understandable to people who are not so deeply invested
in PostgreSQL. I don't want to do that on this thread, but to the
extent that you're arguing that the current treatment is inadequate,
I'm fully in agreement with that.
--
Robert Haas
EDB: http://www.enterprisedb.com