From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Joe Conway <joe(at)crunchydata(dot)com> |
Subject: | Re: Granting SET and ALTER SYSTE privileges for GUCs |
Date: | 2022-03-30 15:51:05 |
Message-ID: | CAKFQuwa2dZx5h=XSGPb3kBpHHMcLvkdpm-xcUnqVpnMP1yAZfg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Mar 30, 2022 at 8:46 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> I don't want to do that with
> a blunderbuss, but perhaps there's an argument to do it for specific
> cases (search_path comes to mind, though the performance cost could be
> significant, since I think setting that in function SET clauses is
> common).
>
I suspect it became considerably moreso when we fixed the search_path CVE
since we basically told people that doing so, despite the possible
performance hit, was the easiest solution to their immediate dump/restore
failures. But ISTM that because that SET has a function invocation context
it could bypass any such check. Though maybe the DO command exposes a flaw
in that idea.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Greg Stark | 2022-03-30 15:51:53 | Re: Frontend error logging style |
Previous Message | Andres Freund | 2022-03-30 15:50:17 | Re: Adding CI to our tree |