Re: pg_parameter_aclcheck() and trusted extensions - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: pg_parameter_aclcheck() and trusted extensions
Date
Msg-id YsYxEtX8zOYKf3Ru@paquier.xyz
Whole thread Raw
In response to pg_parameter_aclcheck() and trusted extensions  (Nathan Bossart <nathandbossart@gmail.com>)
Responses Re: pg_parameter_aclcheck() and trusted extensions
Re: pg_parameter_aclcheck() and trusted extensions
List pgsql-hackers
On Wed, Jul 06, 2022 at 03:47:27PM -0700, Nathan Bossart wrote:
> I think the call to superuser_arg() in pg_parameter_aclmask() is causing
> set_config_option() to bypass the normal privilege checks, as
> execute_extension_script() will have set the user ID to the bootstrap
> superuser for trusted extensions like plperl.  I don't have a patch or a
> proposal at the moment, but I thought it was worth starting the discussion.

Looks like a bug to me, so I have added an open item assigned to Tom.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: defGetBoolean - Fix comment
Next
From: Michael Paquier
Date:
Subject: Re: Fix unnecessary includes and comments in 019_replslot_limit.pl, 007_wal.pl and 004_timeline_switch.pl