Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check
Date
Msg-id 29699.1485528135@sss.pgh.pa.us
Whole thread Raw
In response to Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> The problem is if the interpretation functions aren't completely
> bulletproof, they might do things like crash the server if you use
> them to read a corrupt page.  That is not any more appealing if you
> happen to be running as superuser() than otherwise.

I'm not aware that they're likely to crash the server, and if they
are, so would any regular access to the page in question.  The
things we were worried about were more along the lines of unexpected
information disclosure.

This is not to say that I'm against making those functions more
bulletproof.  I'm just saying that I find little point in reducing
their superuser checks if we can't get rid of the one in get_raw_page.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: [HACKERS] WIP: About CMake v2
Next
From: Thomas Kellerer
Date:
Subject: Re: [HACKERS] GSoC 2017