Home > mailing lists

Re: Allowing to create LEAKPROOF functions to non-superuser - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: Allowing to create LEAKPROOF functions to non-superuser
Date	April 13, 2021 00:01:47
Msg-id	20210412210147.jpn3gcgfgpdcrc43@alap3.anarazel.de Whole thread Raw
In response to	Re: Allowing to create LEAKPROOF functions to non-superuser (Andrey Borodin <x4mmm@yandex-team.ru>)
Responses	Re: Allowing to create LEAKPROOF functions to non-superuser (Andrey Borodin <x4mmm@yandex-team.ru>) Re: Allowing to create LEAKPROOF functions to non-superuser (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Hi,

On 2021-04-12 23:51:02 +0300, Andrey Borodin wrote:
> Do I risk having some extra superusers in my installation if I allow
> everyone to create LEAKPROOF functions?

I think that depends on what you define "superuser" to exactly
be. Defining it as "has a path to executing arbitrary native code", I
don't think, if implemented sensibly, allowing to set LEAKPROOF on new
functions would equate superuser permissions. But you soon after might
hit further limitations where lifting them would have such a risk,
e.g. defining new types with in/out functions.

Greetings,

Andres Freund

pgsql-hackers by date:

From: Andrey Borodin
Date: 12 April 2021, 23:59:53
Subject: Re: Allowing to create LEAKPROOF functions to non-superuser

From: Andrey Borodin
Date: 13 April 2021, 00:10:35
Subject: Re: Allowing to create LEAKPROOF functions to non-superuser

Re: Allowing to create LEAKPROOF functions to non-superuser - Mailing list pgsql-hackers

Previous

Next