Home > mailing lists

Re: pg_parameter_aclcheck() and trusted extensions - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: pg_parameter_aclcheck() and trusted extensions
Date	July 7, 2022 04:04:18
Msg-id	YsYxEtX8zOYKf3Ru@paquier.xyz Whole thread Raw
In response to	pg_parameter_aclcheck() and trusted extensions (Nathan Bossart <nathandbossart@gmail.com>)
Responses	Re: pg_parameter_aclcheck() and trusted extensions Re: pg_parameter_aclcheck() and trusted extensions
List	pgsql-hackers

Tree view

On Wed, Jul 06, 2022 at 03:47:27PM -0700, Nathan Bossart wrote:
> I think the call to superuser_arg() in pg_parameter_aclmask() is causing
> set_config_option() to bypass the normal privilege checks, as
> execute_extension_script() will have set the user ID to the bootstrap
> superuser for trusted extensions like plperl.  I don't have a patch or a
> proposal at the moment, but I thought it was worth starting the discussion.

Looks like a bug to me, so I have added an open item assigned to Tom.
--
Michael

Attachment

signature.asc

pgsql-hackers by date:

From: Michael Paquier
Date: 07 July 2022, 03:54:24
Subject: Re: defGetBoolean - Fix comment

From: Michael Paquier
Date: 07 July 2022, 04:24:40
Subject: Re: Fix unnecessary includes and comments in 019_replslot_limit.pl, 007_wal.pl and 004_timeline_switch.pl

Re: pg_parameter_aclcheck() and trusted extensions - Mailing list pgsql-hackers

Attachment

Previous

Next