| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Protection of debugging options |
| Date: | 2000-06-06 16:07:44 |
| Message-ID: | Pine.LNX.4.21.0006061615560.3957-100000@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Every Joe User can currently run
env PGOPTIONS='-d99 -tpa -tpl -te' psql
and stuff the server log with relative garbage that he will never be able
to see anyway.
As I don't believe it feasible to do superuser checking before the options
parsing it seems to me that these option in particular (and -s as well)
need to be "secure". Those desiring to diagnose transient problems can use
SET debug_level, etc. which does have a superuser check in place. For
permanent debug level changes there's of course this shiny new
configuration file and the HUP signal.
Comments?
--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2000-06-06 16:07:52 | Re: day of week |
| Previous Message | Bruce Momjian | 2000-06-06 16:07:02 | Re: Odd release numbers for development versions? |