Re: [PATCHES] Configuration patch - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [PATCHES] Configuration patch
Date
Msg-id 200406182020.i5IKKDW03249@candle.pha.pa.us
Whole thread Raw
In response to Re: [PATCHES] Configuration patch  (pgsql@mohawksoft.com)
List pgsql-hackers
Mark (see I remembered your name), where are we on this patch?  It needs
docs and include has to be redone.  Should I remove the include part of
the patch, add docs, and apply it?

---------------------------------------------------------------------------

pgsql@mohawksoft.com wrote:
> >
> > Where are we on this?
> 
> That's a good question.
> 
> Tom doesn't like the syntax of "include" and there are a couple bugs he is
> concered it.
> 
> I'm pretty agnostic about the syntax, but I wouldn't get overly worried
> about the metaphor presented either.
> 
> "include='...'" doesn't bother me at all, but some people have a problem
> with it.
> 
> Then there is the design of using a callable function for a configuration
> parameter, personally, I think this feature is useful for the future, Tom
> seems to have a problem it it.
> 
> After that, the discussion sort of ends.
> 
> 
> I'm willing to adress the bugs.
> I don't think the syntax is a huge deal, IMHO at most it is a
> documentation problem.
> 
> >
> > ---------------------------------------------------------------------------
> >
> > Tom Lane wrote:
> >> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> > One interesting idea would be for "SET include" to work like this:
> >> >     SET include '/var/run/xx'
> >> > Notice there is no equals here.  This would allow users to create
> >> files
> >> > with various settings and enable them all with one SET command.
> >> > However, this does open a security issue.
> >>
> >> More than one, in fact.  In the first place, as the code presently
> >> works, anything coming in from the file would be treated on an equal
> >> footing with values sourced from postgresql.conf, thereby allowing
> >> unprivileged users to set things they shouldn't.  This is potentially
> >> fixable, but the other issue isn't: such a facility would allow anyone
> >> to ask the backend to read any file the Postgres user account can
> >> access.  Not very successfully, perhaps, but even the error messages
> >> might give useful info about the file's contents to an attacker.  This
> >> is the same reason that "COPY FROM file" is a privileged operation.
> >>
> >> I think it's important that include be restricted to appear only in
> >> config files, and not be in any way shape or form a SETtable thing.
> >>
> >> > In summary, I think we need to treat include specially in
> >> > postgresql.conf (no equals) and remove it as an actual GUC parameter
> >> and
> >> > just have it do includes immediately.  (This will probably require
> >> > special-casing it in the guc-file grammar.)
> >>
> >> Yes.  In fact, it'll be a less-than-trivial change in guc-file, at least
> >> if you want the thing to act intuitively (that is, "include" acts like
> >> the target file is actually included right here).  This will mean
> >> splitting ProcessConfigFile into a recursive read step followed by a
> >> nonrecursive apply step.  Also, I think that invoking the flex lexer
> >> recursively will take a little bit of work.
> >>
> >> I would suggest splitting the patch into two separate patches, one that
> >> handles "include" and one that handles the other changes.  The other
> >> stuff is reasonably close to being ready to apply (modulo docs and
> >> fixing the standalone-backend case), but "include" I think is still a
> >> ways off.
> >>
> >>             regards, tom lane
> >>
> >
> > --
> >   Bruce Momjian                        |  http://candle.pha.pa.us
> >   pgman@candle.pha.pa.us               |  (610) 359-1001
> >   +  If your life is a hard drive,     |  13 Roberts Road
> >   +  Christ can be your backup.        |  Newtown Square, Pennsylvania
> > 19073
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 9: the planner will ignore your desire to choose an index scan if your
> >       joining column's datatypes do not match
> >
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 9: the planner will ignore your desire to choose an index scan if your
>       joining column's datatypes do not match
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Timestamp format question
Next
From: Carlos Guzmán Álvarez
Date:
Subject: Re: Timestamp format question