Postgres Pro
Downloads
Home   >   mailing lists

Thread: Re: [GENERAL] restore error - language "plperlu" is not trusted

Re: [GENERAL] restore error - language "plperlu" is not trusted

From
Peter Eisentraut
Date:
Attached is my proposed patch for this problem, to be put in 7.4.1.
Please someone give it a quick check.

Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
> > Tom Lane wrote:
> >> Uh, no, because you can say something like
> >> revoke all on language plperlu from public;
> >> and end up with non-null lanacl (because it instantiates the
> >> default assumption that the owner has all privileges).
> >
> > OK, that needs to be disallowed.
>
> Fair enough.  I thought it was a bit odd to disallow GRANT but allow
> REVOKE anyway.
>
> >> We could possibly hack the backend to avoid that, but I think
> >> pg_dump will need the special-case test anyway since it has to be
> >> able to cope with existing databases, wherein lanacl may be
> >> non-null.
> >
> > So far we know of 1 such database.  I'd like to see some more
> > before we bother about it.
>
> It's a one-line addition --- just put the dumpACL call inside
> "if (lanpltrusted)".  I think it is a reasonable change.  We'd have
> to do something anyway, because the existing pg_dump code is
> certainly broken for dumping untrusted languages from pre-7.3
> databases (it assumes a nonempty lanacl setting in that case).
Attachment

Re: [GENERAL] restore error - language "plperlu" is not trusted

From
Tom Lane
Date:
Peter Eisentraut <peter_e@gmx.net> writes:
> Attached is my proposed patch for this problem, to be put in 7.4.1.
> Please someone give it a quick check.

The aclchk change looks okay if that's the behavior you want, but I
wonder why you don't just make it raise error in both the GRANT and
REVOKE cases.

The pg_dump change looks okay for the 7.4 branch.  It will not apply to
HEAD but I think you can just add

    if (plang->lanpltrusted)

before the dumpACL call in that case.

            regards, tom lane

Re: [GENERAL] restore error - language "plperlu" is not trusted

From
Peter Eisentraut
Date:
Am Donnerstag, 18. Dezember 2003 21:45 schrieb Tom Lane:
> The aclchk change looks okay if that's the behavior you want, but I
> wonder why you don't just make it raise error in both the GRANT and
> REVOKE cases.

Yes, that seems better.

> The pg_dump change looks okay for the 7.4 branch.  It will not apply to
> HEAD but I think you can just add
>
>     if (plang->lanpltrusted)
>
> before the dumpACL call in that case.

OK, both branches patched.  As far as I'm concerned, we can release 7.4.1.