| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Andres Freund <andres(at)anarazel(dot)de> |
| Subject: | Re: DROP OWNED BY fails to clean out pg_init_privs grants |
| Date: | 2024-04-30 04:00:20 |
| Message-ID: | CAKFQuwajB+mm5zK9JGzqoGdZmm+1D5PWoqcd83Rs2g3Dn9b9=g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Monday, April 29, 2024, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> >> On 28 Apr 2024, at 20:52, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
>
> >> This is of course not bulletproof: with a sufficiently weird
> >> bootstrap superuser name, we could get false matches to parts
> >> of "regress_dump_test_role" or to privilege strings. That
> >> seems unlikely enough to live with, but I wonder if anybody has
> >> a better idea.
>
> > I think that will be bulletproof enough to keep it working in the
> buildfarm and
> > among 99% of hackers.
>
> It occurred to me to use "aclexplode" to expand the initprivs, and
> then we can substitute names with simple equality tests. The test
> query is a bit more complicated, but I feel better about it.
>
My solution to this was to rely on the fact that the bootstrap superuser is
assigned OID 10 regardless of its name.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Guo | 2024-04-30 04:06:42 | Re: Eager aggregation, take 3 |
| Previous Message | Kashif Zeeshan | 2024-04-30 03:59:38 | Re: Help update PostgreSQL 13.12 to 13.14 |