Home > mailing lists

Re: Non-superuser subscription owners - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: Non-superuser subscription owners
Date	March 8, 2023 22:47:43
Msg-id	20230308194743.23rmgjgwahh4i4rg@awork3.anarazel.de Whole thread Raw
In response to	Re: Non-superuser subscription owners (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: Non-superuser subscription owners (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

Hi,

On 2023-02-07 16:56:55 -0500, Robert Haas wrote:
> On Wed, Feb 1, 2023 at 4:02 PM Andres Freund <andres@anarazel.de> wrote:
> > > +     /* Is the use of a password mandatory? */
> > > +     must_use_password = MySubscription->passwordrequired &&
> > > +             !superuser_arg(MySubscription->owner);
> >
> > There's a few repetitions of this - perhaps worth putting into a helper?
> 
> I don't think so. It's slightly different each time, because it's
> pulling data out of different data structures.
> 
> > This still leaks the connection on error, no?
> 
> I've attempted to fix this in v4, attached.

Hm - it still feels wrong that we error out in case of failure, despite the
comment to the function saying:
 * Returns NULL on error and fills the err with palloc'ed error message.

Other than this, the change looks ready to me.

Greetings,

Andres Freund

pgsql-hackers by date:

From: Robert Haas
Date: 08 March 2023, 22:40:42
Subject: Re: postgres_fdw, dblink, and CREATE SUBSCRIPTION security

From: Nathan Bossart
Date: 08 March 2023, 23:11:14
Subject: Re: Add error functions: erf() and erfc()

Re: Non-superuser subscription owners - Mailing list pgsql-hackers

Previous

Next