Home > mailing lists

pgsql: Document changes in large-object privilege checking. - Mailing list pgsql-committers

From	Tom Lane
Subject	pgsql: Document changes in large-object privilege checking.
Date	November 14, 2017 23:33:15
Msg-id	E1eEf5H-0001dC-Hs@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Document changes in large-object privilege checking.

Commit 5ecc0d738 removed the hard-wired superuser checks in lo_import
and lo_export in favor of protecting them with SQL permissions, but
failed to adjust the documentation to match.  Fix that, and add a
<caution> paragraph pointing out the nontrivial security hazards
involved with actually granting such permissions.  (It's still better
than ALLOW_DANGEROUS_LO_FUNCTIONS, though.)

Also, commit ae20b23a9 caused large object read/write privilege to
be checked during lo_open() rather than in the actual read or write
calls.  Document that.

Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/6d776522d243d38faca6924d9b3c7cfaf0c4860d

Modified Files
--------------
doc/src/sgml/config.sgml |  3 ---
doc/src/sgml/lobj.sgml   | 42 ++++++++++++++++++++++++++++++++++++++----
2 files changed, 38 insertions(+), 7 deletions(-)

pgsql-committers by date:

From: Alvaro Herrera
Date: 14 November 2017, 20:37:59
Subject: pgsql: Simplify index_[constraint_]create API

From: Tom Lane
Date: 15 November 2017, 00:47:08
Subject: pgsql: Rearrange c.h to create a "compiler characteristics" section.

pgsql: Document changes in large-object privilege checking. - Mailing list pgsql-committers

Previous

Next