Re: pgsql: Add new GUC createrole_self_grant.
| От | David G. Johnston |
|---|---|
| Тема | Re: pgsql: Add new GUC createrole_self_grant. |
| Дата | |
| Msg-id | CAKFQuwbff63oVtsFMPEnaUMc2=YQ-KWNb7jHUFeQHuenpbJ9Aw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: pgsql: Add new GUC createrole_self_grant. (Andres Freund <andres@anarazel.de>) |
| Ответы |
Re: pgsql: Add new GUC createrole_self_grant.
|
| Список | pgsql-hackers |
On Fri, Jan 13, 2023 at 4:46 PM Andres Freund <andres@anarazel.de> wrote:
I don't really see what that has to do with the topic at hand, unless you want
to suggest removing the entire section about how to write secure security
definer functions?
Not remove, but I'm not seeing why the introduction of this GUC requires any change to the documentation.
I'll leave discussion of security invoker to the other thread going on right now.
The point of the security definer section is to explain how to safely write
security definer functions that you grant to less privileged users
Yeah, we are really good at "how".
+ If the security definer function intends to create roles, and if it
+ is running as a non-superuser, <varname>createrole_self_grant</varname>
+ should also be set to a known value using the <literal>SET</literal>
+ clause.
+ is running as a non-superuser, <varname>createrole_self_grant</varname>
+ should also be set to a known value using the <literal>SET</literal>
+ clause.
I'd like to know "why". Without knowing why we are adding this I can't give it a +1. I want the patch to include the why.
David J.
В списке pgsql-hackers по дате отправления: