Re: [HACKERS] VACUUM as a denial-of-service attack
| От | Tom Lane |
|---|---|
| Тема | Re: [HACKERS] VACUUM as a denial-of-service attack |
| Дата | |
| Msg-id | 12728.943850955@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: [HACKERS] VACUUM as a denial-of-service attack (Keith Parks <emkxp01@mtcc.demon.co.uk>) |
| Список | pgsql-hackers |
Keith Parks <emkxp01@mtcc.demon.co.uk> writes:
>> From: Tom Lane <tgl@sss.pgh.pa.us>
>> I think a reasonable answer to this is to restrict VACUUM on any
>> table to be allowed only to the table owner and Postgres superuser.
>> Does anyone have an objection or better idea?
> In the dim and distant past I produced a patch that put vacuum
> into the list of things that you could GRANT on a per-table
> basis. I don't know what effort it would take to rework that
> for current or if it would be worth it.
Thanks for the code, but for now I just threw in a quick pg_ownercheck
call: VACUUM will now vacuum all tables if you are the superuser, else
just the tables you own, skipping the rest with a NOTICE. What you had
looked like more infrastructure than I thought the problem was worth...
I suspect most people will run VACUUMs from the superuser account
anyway...
regards, tom lane
В списке pgsql-hackers по дате отправления: