Takahiro Itagaki wrote:
> KaiGai Kohei <kaigai@ak.jp.nec.com> wrote:
>
>>> we still allow "SELECT * FROM pg_largeobject" ...right?
>> It can be solved with revoking any privileges from anybody in the initdb
>> phase. So, we should inject the following statement for setup_privileges().
>>
>> REVOKE ALL ON pg_largeobject FROM PUBLIC;
>
> OK, I'll add the following description in the documentation of pg_largeobject.
>
> <structname>pg_largeobject</structname> should not be readable by the
> public, since the catalog contains data in large objects of all users.
> <structname>pg_largeobject_metadata</> is a publicly readable catalog
> that only contains identifiers of large objects.
It makes sense to me.
>> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
>> gettext_noop("Turn on/off privilege checks on large objects."),
>
> The description is true, but gives a confusion because
> "lo_compat_privileges = on" means "privilege checks are turned off".
>
> short desc: Enables backward compatibility in privilege checks on large objects
> long desc: When turned on, privilege checks on large objects are disabled.
>
> Are those descriptions appropriate?
The long description is a bit confusable, because it does not disable all the
privilege checks, such as lo_export/lo_import which already checks superuser
privilege on execution in the earlier releases.
What's your opinion about:
long desc: When turned on, privilege checks on large objects perform with backward compatibility as 8.4.x
orearlier releases.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
