From: | David Steele <david(at)pgmasters(dot)net> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PATCH: Configurable file mode mask |
Date: | 2018-03-05 20:25:49 |
Message-ID: | e5c8cc73-6a04-8cab-c29f-70896f481435@pgmasters.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 3/1/18 11:18 PM, Michael Paquier wrote:
>
> Based on my recent lookup at code level for this feature, the patch for
> pg_resetwal (which could have been discussed on its own thread as well),
> would be fine for commit. The thing could be extended a bit more but
> there is nothing opposing even a basic test suite to be in.
There are no core changes, so it doesn't seem like the tests can hurt
anything.
> Then you
> have a set of refactoring patches, which still need some work.
New patches posted today, hopefully those address most of your concerns.
> And
> finally there is a rather invasive patch on top of the whole thing.
I'm not sure if I would call it invasive since it's an optional feature
that is off by default. Honestly, I think the refactor in 02 is more
likely to cause problems even if the goal there is *not* to change the
behavior.
> The
> refactoring work shows much more value only after the main feature is
> in, still I think that unifying the default permissions allowed for
> files and directories, as well as mkdir() calls has some value in
> itself to think it as an mergeable, independent, change.
I agree.
> I think that
> it would be hard to get the whole patch set into the tree by the end of
> the CF though
I hope it does make it, it's a pretty big win for security.
> but cutting the refactoring pieces would be doable. At
> least it would provide some base for integration in v12. And the
> refactoring patch has some pieces that would be helpful for TAP tests as
> well.
I've gone pretty big on tests in this patch because I recognize it is a
pretty fundamental behavior change.
Thanks,
--
-David
david(at)pgmasters(dot)net
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-03-05 20:36:47 | Re: postgres_fdw: perform UPDATE/DELETE .. RETURNING on a join directly |
Previous Message | Pavel Stehule | 2018-03-05 20:25:09 | Re: pg_get_functiondef forgets about most GUC_LIST_INPUT GUCs |