Re: ALTER USER SET log_* not allowed... - Mailing list pgsql-bugs

From Bruce Momjian
Subject Re: ALTER USER SET log_* not allowed...
Date
Msg-id 200411102338.iAANch726421@candle.pha.pa.us
Whole thread Raw
In response to Re: ALTER USER SET log_* not allowed...  (Andrew McMillan <andrew@catalyst.net.nz>)
Responses Re: ALTER USER SET log_* not allowed...
List pgsql-bugs
Andrew McMillan wrote:
-- Start of PGP signed section.
> On Tue, 2004-11-09 at 13:58 -0500, Tom Lane wrote:
> >
> > Bruce and I were chatting about this on the phone today, and we were
> > seriously considering a more radical proposal: get rid of the whole
> > concept of USERLIMIT variables, and make the logging variables be plain
> > SUSET (ie, only superusers can change 'em).  This would eliminate the
> > current ability of a non-superuser to increase the logging verbosity
> > of his session, but it's not real clear that that's such a good idea
> > anyway.  (Cranking the log verbosity up far past what the DBA wants
> > could be seen as a primitive form of DOS attack; and anyway, if you are
> > not a superuser then you can't see what's in the log, so why should
> > you care what the verbosity is, much less be able to affect it?)  Given
> > the code complexity of the USERLIMIT stuff and the number of bugs
> > already found in it, getting rid of it seems awfully attractive.
>
> The current functionality could be useful inside particular code paths
> of an application, where you want to increase the log verbosity in a
> particular part of the code, when it (unpredictably) happens, without
> nuking the logs entirely.
>
> Of course you are superuser when you review such logs, but I wouldn't
> usually want the db connection from the application to have to run as
> superuser if I could help it...  especially not a web application.

As much as I would like the URERLIMIT hacks removed for 8.0 I am thinking
we are too far along in release and don't have enough time to figure out
how to do the security definer function cleanly.  I am thinking we
should wait for 8.1 and maybe have the USERLIMIT capability integrated
intot a security definer capability function we ship with our code.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-bugs by date:

Previous
From: Simon Riggs
Date:
Subject: Missing Tablespace link error message misleading
Next
From: Tom Lane
Date:
Subject: Re: ALTER USER SET log_* not allowed...