Home > mailing lists

Re: ALTER ROLE/DATABASE RESET ALL versus security - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: ALTER ROLE/DATABASE RESET ALL versus security
Date	March 18, 2010 16:00:03
Msg-id	11780.1268927987@sss.pgh.pa.us Whole thread Raw
In response to	Re: ALTER ROLE/DATABASE RESET ALL versus security (Alvaro Herrera <alvherre@commandprompt.com>)
Responses	Re: ALTER ROLE/DATABASE RESET ALL versus security
List	pgsql-hackers

Tree view

Alvaro Herrera <alvherre@commandprompt.com> writes:
> I have come up with the attached patch.  I haven't tested it fully yet,
> and I need to backport it.  The gist of it is: we can't simply remove
> the pg_db_role_setting tuple, we need to ask GUC to reset the settings
> array, for which it checks superuser-ness on each setting.

I think you still want to have a code path whereby the tuple will be
deleted once the array is empty.  Failing to check that is inefficient
and also exposes clients such as pg_dump to corner case bugs.
        regards, tom lane

pgsql-hackers by date:

From: Chris Browne
Date: 18 March 2010, 15:57:44
Subject: Re: An idle thought

From: Pavel Stehule
Date: 18 March 2010, 16:05:37
Subject: Re: WIP: shared ispell dictionary

Re: ALTER ROLE/DATABASE RESET ALL versus security - Mailing list pgsql-hackers

Previous

Next