Thread: Bug #928: server_min_messages (log_min_messages in CVS) have PGC_USERSET GucContext

Bug #928: server_min_messages (log_min_messages in CVS) have PGC_USERSET GucContext

From
pgsql-bugs@postgresql.org
Date:
Sergey N. Yatskevich (syatskevich@n21lab.gosniias.msk.ru) reports a bug with a severity of 4
The lower the number the more severe it is.

Short Description
server_min_messages (log_min_messages in CVS) have PGC_USERSET GucContext

Long Description
In src/backend/utils/misc/guc.c, the "server_min_messages"
("log_min_messages" in CVS) configuration option has PGC_USERSET
GucContext. I think that it is not a good idea that a user can
change the server log detail level. I suggest changing GucContext in
this case to PGC_SIGHUP.


Sample Code


No file was uploaded with this report

pgsql-bugs@postgresql.org writes:
> In src/backend/utils/misc/guc.c, the "server_min_messages"
> ("log_min_messages" in CVS) configuration option has PGC_USERSET
> GucContext. I think that it is not a good idea that a user can
> change the server log detail level. I suggest changing GucContext in
> this case to PGC_SIGHUP.

PGC_SUSET would be appropriate if we think that there's really a security
issue here.  But ISTM this was already considered when the present setup
was designed, and we deliberately chose USERSET.  Bruce, do you remember
what the reasoning was?

            regards, tom lane

Re: Bug #928: server_min_messages (log_min_messages in CVS) have

From
Bruce Momjian
Date:
Tom Lane wrote:
> pgsql-bugs@postgresql.org writes:
> > In src/backend/utils/misc/guc.c, the "server_min_messages"
> > ("log_min_messages" in CVS) configuration option has PGC_USERSET
> > GucContext. I think that it is not a good idea that a user can
> > change the server log detail level. I suggest changing GucContext in
> > this case to PGC_SIGHUP.
>
> PGC_SUSET would be appropriate if we think that there's really a security
> issue here.  But ISTM this was already considered when the present setup
> was designed, and we deliberately chose USERSET.  Bruce, do you remember
> what the reasoning was?

The issue was that you might want to increase server logging in certain
clients to help debug a problem.  If we had a "don't raise me" setting,
that would work.

Another idea is to add the ability to SET things permanently.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: Bug #928: server_min_messages (log_min_messages in CVS)

From
Neil Conway
Date:
On Sun, 2003-03-30 at 19:20, Bruce Momjian wrote:
> The issue was that you might want to increase server logging in certain
> clients to help debug a problem.

That seems a little obscure to me -- IMHO it's not really worth adding
additional GUC complexity to account for it. Why not just use SUSET, and
then consider how to change it if someone complains?

Cheers,

Neil

Re: Bug #928: server_min_messages (log_min_messages in CVS)

From
Bruce Momjian
Date:
pgsql-bugs@postgresql.org wrote:
> Sergey N. Yatskevich (syatskevich@n21lab.gosniias.msk.ru) reports a bug with a severity of 4
> The lower the number the more severe it is.
> 
> Short Description
> server_min_messages (log_min_messages in CVS) have PGC_USERSET GucContext
> 
> Long Description
> In src/backend/utils/misc/guc.c, the "server_min_messages"
> ("log_min_messages" in CVS) configuration option has PGC_USERSET
> GucContext. I think that it is not a good idea that a user can
> change the server log detail level. I suggest changing GucContext in
> this case to PGC_SIGHUP.

The reason it is PGC_USERSET is because we imagined people might want to
increase the amount of information sent to the server logs, and we don't
have an _increase_only_ restriction capability.  However, maybe it
should be PGC_SUSET.

Comments?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073


Re: Bug #928: server_min_messages (log_min_messages in CVS)

From
Tom Lane
Date:
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> The reason it is PGC_USERSET is because we imagined people might want to
> increase the amount of information sent to the server logs, and we don't
> have an _increase_only_ restriction capability.  However, maybe it
> should be PGC_SUSET.

Yeah, probably so.  Particularly with the 7.4 error message additions,
it'd be possible to make the logs very verbose indeed, which might be
seen as a form of attack (or at least a good way to hide your traces).

            regards, tom lane
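
As an added illustration (not part of the thread and not PostgreSQL's guc.c code), this toy C model compares the three contexts named in the messages above with the hypothetical "increase only" restriction that the thread says does not exist. All type and function names are assumptions made for the example, and the scenario in `main` is constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, NOT PostgreSQL's guc.c. A subset of levels, ordered so that a
 * lower value means a lower threshold, i.e. MORE messages reach the log. */
typedef enum { LVL_DEBUG5, LVL_DEBUG1, LVL_NOTICE, LVL_WARNING, LVL_ERROR, LVL_PANIC } LogLevel;

/* Context names follow the thread. MODEL_INCREASE_ONLY is hypothetical: it is
 * the "increase only" restriction the thread says does not exist. */
typedef enum { MODEL_USERSET, MODEL_INCREASE_ONLY, MODEL_SUSET, MODEL_SIGHUP } ModelContext;

typedef enum { SRC_SESSION_SET, SRC_CONFIG_RELOAD } ChangeSource;

/* Decide whether a change of the server log threshold is permitted.
 * admin_level is the value the administrator configured. */
bool change_allowed(ModelContext ctx, ChangeSource src, bool is_superuser,
                    LogLevel admin_level, LogLevel requested)
{
    if (src == SRC_CONFIG_RELOAD)
        return true;                /* administrator edited the config file */
    switch (ctx) {
    case MODEL_USERSET:
        return true;                /* any session may choose any level */
    case MODEL_INCREASE_ONLY:
        /* ordinary users may ask for more logging than configured, never less */
        return is_superuser || requested <= admin_level;
    case MODEL_SUSET:
        return is_superuser;        /* session SET is reserved for superusers */
    case MODEL_SIGHUP:
        return false;               /* config file plus reload only */
    }
    return false;
}

int main(void)
{
    const char *names[] = { "USERSET", "INCREASE_ONLY", "SUSET", "SIGHUP" };
    /* Constructed scenario: admin configured WARNING; an ordinary user tries
     * to silence the log (PANIC) and to flood it (DEBUG5). */
    for (int c = MODEL_USERSET; c <= MODEL_SIGHUP; c++)
        printf("%-13s silence=%d flood=%d\n", names[c],
               change_allowed((ModelContext)c, SRC_SESSION_SET, false, LVL_WARNING, LVL_PANIC),
               change_allowed((ModelContext)c, SRC_SESSION_SET, false, LVL_WARNING, LVL_DEBUG5));
    return 0;
}
```

In this model the increase-only policy stops an ordinary user from silencing the log but still lets them push the threshold to DEBUG5, which is the verbosity concern raised in the last message; only the SUSET and SIGHUP models refuse both changes.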