Home > mailing lists

Re: Allowing to create LEAKPROOF functions to non-superuser - Mailing list pgsql-hackers

From	Tomas Vondra
Subject	Re: Allowing to create LEAKPROOF functions to non-superuser
Date	April 12, 2021 23:42:03
Msg-id	c5957702-10ab-cc93-dbcb-1117c711bee1@enterprisedb.com Whole thread Raw
In response to	Re: Allowing to create LEAKPROOF functions to non-superuser (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Allowing to create LEAKPROOF functions to non-superuser (Andres Freund <andres@anarazel.de>) Re: Allowing to create LEAKPROOF functions to non-superuser (Andrey Borodin <x4mmm@yandex-team.ru>)
List	pgsql-hackers

Tree view

On 4/12/21 10:37 PM, Tom Lane wrote:
> Andrey Borodin <x4mmm@yandex-team.ru> writes:
>> Currently only superuser is allowed to create LEAKPROOF functions
>> because leakproof functions can see tuples which have not yet been
>> filtered out by security barrier views or row level security
>> policies.
> 
> Yeah.
> 
>> But managed cloud services typically do not provide superuser
>> roles.
> 
> This is not a good argument for relaxing superuser requirements.
> 

I guess for the cloud services it's not an issue - they're mostly
concerned about manageability and restricting access to the OS. It's
unfortunate that we tie the this capability to being superuser, so maybe
the right solution would be to introduce a separate role with this
privilege?

regards

-- 
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Andres Freund
Date: 12 April 2021, 23:40:46
Subject: Re: PANIC: wrong buffer passed to visibilitymap_clear

From: Andrey Borodin
Date: 12 April 2021, 23:51:02
Subject: Re: Allowing to create LEAKPROOF functions to non-superuser

Re: Allowing to create LEAKPROOF functions to non-superuser - Mailing list pgsql-hackers

Previous

Next