Thread: Permissions on CHECKPOINT
Contrary to what the submitted documentation claims, there is no permission checking done on the CHECKPOINT command. Should there be? Btw., is there any normal usage application of this command? This relates to the previous paragraph somewhat. -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Peter Eisentraut wrote: >Contrary to what the submitted documentation claims, there is no >permission checking done on theCHECKPOINT command. Should there be? Vadim seemed to indicate that he was going to make that restriction. Perhaps I misunderstood. If it's too late to make the change for 7.1, the fact should be documented in a Bug section of the man page. >Btw., is there any normal usage application of this command? This relates >to the previous paragraph somewhat. > >-- >Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/ > -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47 GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "If anyone has material possessions and sees his brother in need but has nopity on him, how can the love of God be in him?" I John 3:17
> >Contrary to what the submitted documentation claims, there is no > >permission checking done on the CHECKPOINT command. > Should there be? > > Vadim seemed to indicate that he was going to make that restriction. > Perhaps I misunderstood. Yes, there should be permission checking - I'll add it later (in 7.1) if no one else. Vadim
Mikheev, Vadim writes:
> Yes, there should be permission checking - I'll add it later (in 7.1)
> if no one else.
Should be simple enough. Is this okay:
Index: utility.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/tcop/utility.c,v
retrieving revision 1.105
diff -c -r1.105 utility.c
*** utility.c 2001/01/05 06:34:20 1.105
--- utility.c 2001/01/25 16:40:40
***************
*** 18,23 ****
--- 18,24 ----
#include "access/heapam.h" #include "catalog/catalog.h"
+ #include "catalog/pg_shadow.h" #include "commands/async.h" #include "commands/cluster.h" #include
"commands/command.h"
***************
*** 851,856 ****
--- 852,859 ---- { set_ps_display(commandTag = "CHECKPOINT");
+ if (!superuser())
+ elog(ERROR, "permission denied");
CreateCheckPoint(false); } break;
--
Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Peter Eisentraut <peter_e@gmx.net> writes:
> Mikheev, Vadim writes:
>> Yes, there should be permission checking - I'll add it later (in 7.1)
>> if no one else.
> Should be simple enough. Is this okay:
Actually, I think a more interesting question is "should CHECKPOINT
have permission restrictions? If so, what should they be?"
A quite relevant precedent is that Unix systems (at least the ones
I've used) do not restrict who can call sync().
regards, tom lane
Hi all, Re-posting this to -hackers. Will PQprint() remain/disappear/be replaced in the future? Thx Ed -- ������������������
Tom Lane wrote: >Peter Eisentraut <peter_e@gmx.net> writes: >> Mikheev, Vadim writes: >>> Yes, there should be permissionchecking - I'll add it later (in 7.1) >>> if no one else. > >> Should be simple enough. Is this okay: > >Actually,I think a more interesting question is "should CHECKPOINT >have permission restrictions? If so, what should theybe?" > >A quite relevant precedent is that Unix systems (at least the ones >I've used) do not restrict who can call sync(). What about DoS attacks? What would be the effect of someone's setting off an infinite loop of CHECKPOINTs? -- Oliver Elphick Oliver.Elphick@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver PGP: 1024R/32B8FAA1: 97 EA 1D 47 72 3F 28 47 6B 7E 39 CC 56 E4 C1 47 GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C ======================================== "Wash me thoroughly from mine iniquity, and cleanse me from my sin. For Iacknowledge my transgressions; and my sin is ever before me. Against thee, thee only, have I sinned, and donethis evil in thy sight..." Psalms 51:2-4
> > Yes, there should be permission checking - I'll add it > > later (in 7.1) if no one else. > > Should be simple enough. Is this okay: I think yes - please apply. Vadim
> Actually, I think a more interesting question is "should CHECKPOINT > have permission restrictions? If so, what should they be?" > > A quite relevant precedent is that Unix systems (at least the ones > I've used) do not restrict who can call sync(). Checkpoints 1. affect entire system, 2. increase log output and 3. it's hard operation. Command itself was added mostly for debug purposes. Vadim
> Tom Lane wrote: > >Peter Eisentraut <peter_e@gmx.net> writes: > >> Mikheev, Vadim writes: > >>> Yes, there should be permission checking - I'll add it later (in 7.1) > >>> if no one else. > > > >> Should be simple enough. Is this okay: > > > >Actually, I think a more interesting question is "should CHECKPOINT > >have permission restrictions? If so, what should they be?" > > > >A quite relevant precedent is that Unix systems (at least the ones > >I've used) do not restrict who can call sync(). > > What about DoS attacks? What would be the effect of someone's setting > off an infinite loop of CHECKPOINTs? Don't we have bigger DoS attacks? Certainly SELECT cash_out(1) is a much bigger one. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
> > What about DoS attacks? What would be the effect of > > someone's setting off an infinite loop of CHECKPOINTs? > > Don't we have bigger DoS attacks? Certainly SELECT cash_out(1) is a > much bigger one. I've missed point - cash_out(1) is bug that should be fixed. Any reason to add yet another gun? Vadim
[ Charset ISO-8859-1 unsupported, converting... ] > > > What about DoS attacks? What would be the effect of > > > someone's setting off an infinite loop of CHECKPOINTs? > > > > Don't we have bigger DoS attacks? Certainly SELECT cash_out(1) is a > > much bigger one. > > I've missed point - cash_out(1) is bug that should be fixed. > Any reason to add yet another gun? True. I just thought there were many bigger DoS areas. Maybe I am wrong. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
Okay, okay, complaint withdrawn. Peter, would you commit that
permission check?
regards, tom lane
> > Hi all, > > Re-posting this to -hackers. Will PQprint() remain/disappear/be replaced > in the future? No idea. We are not sure who uses it. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026