Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check
Msg-id 29699.1485528135@sss.pgh.pa.us
In response to Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> The problem is if the interpretation functions aren't completely
> bulletproof, they might do things like crash the server if you use
> them to read a corrupt page.  That is not any more appealing if you
> happen to be running as superuser() than otherwise.

I'm not aware that they're likely to crash the server, and if they
are, so would any regular access to the page in question.  The
things we were worried about were more along the lines of unexpected
information disclosure.

This is not to say that I'm against making those functions more
bulletproof.  I'm just saying that I find little point in reducing
their superuser checks if we can't get rid of the one in get_raw_page.
        regards, tom lane


