Home > mailing lists

Re: Allowing to create LEAKPROOF functions to non-superuser - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Allowing to create LEAKPROOF functions to non-superuser
Date	April 12, 2021 23:37:01
Msg-id	3043049.1618259821@sss.pgh.pa.us Whole thread Raw
In response to	Allowing to create LEAKPROOF functions to non-superuser (Andrey Borodin <x4mmm@yandex-team.ru>)
Responses	Re: Allowing to create LEAKPROOF functions to non-superuser Re: Allowing to create LEAKPROOF functions to non-superuser Re: Allowing to create LEAKPROOF functions to non-superuser
List	pgsql-hackers

Tree view

Andrey Borodin <x4mmm@yandex-team.ru> writes:
> Currently only superuser is allowed to create LEAKPROOF functions because leakproof functions can see tuples which
havenot yet been filtered out by security barrier views or row level security policies. 

Yeah.

> But managed cloud services typically do not provide superuser roles.

This is not a good argument for relaxing superuser requirements.

            regards, tom lane

pgsql-hackers by date:

From: Andrey Borodin
Date: 12 April 2021, 23:31:30
Subject: Allowing to create LEAKPROOF functions to non-superuser

From: Andres Freund
Date: 12 April 2021, 23:40:46
Subject: Re: PANIC: wrong buffer passed to visibilitymap_clear

Re: Allowing to create LEAKPROOF functions to non-superuser - Mailing list pgsql-hackers

Previous

Next