Re: Granting SET and ALTER SYSTE privileges for GUCs - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Granting SET and ALTER SYSTE privileges for GUCs
Date
Msg-id 666648.1647457564@sss.pgh.pa.us
Whole thread Raw
In response to Re: Granting SET and ALTER SYSTE privileges for GUCs  (Mark Dilger <mark.dilger@enterprisedb.com>)
Responses Re: Granting SET and ALTER SYSTE privileges for GUCs
List pgsql-hackers
Mark Dilger <mark.dilger@enterprisedb.com> writes:
> On Mar 16, 2022, at 11:47 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> ... I therefore judge the
>> hook calls added to ExecSetVariableStmt and AlterSystemSetConfigFile
>> to be 100% useless, in fact probably counterproductive because they
>> introduce a boatload of worries about whether the right things happen
>> if the hook errors out or does something guc.c isn't expecting.

> I think Joshua was planning to use these hooks for security purposes.  The hooks are supposed to check whether the
Oidis valid, and if not, still be able to make choices based on the other information.  Joshua, any comment on this? 

It's going to be hard to do anything useful in a hook that (a) does
not know which GUC is being assigned to and (b) cannot do catalog
accesses for fear that we're not inside a transaction.  (b), in
particular, seems like a rather thorough API break; up to now
ObjectPostAlter hooks could assume that catalog accesses are OK.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Joshua Brindle
Date:
Subject: Re: Granting SET and ALTER SYSTE privileges for GUCs
Next
From: Alvaro Herrera
Date:
Subject: Re: support for MERGE