Re: I propose killing PL/Tcl's "modules" infrastructure
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Andrew Dunstan <andrew.dunstan@2ndquadrant.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>,
Jan Wieck <jan@wi3ck.info>
Date: 2017-02-27T12:48:13Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes: > On Mon, Feb 27, 2017 at 1:24 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> * I'm not terribly comfortable about what the permissions levels of the >> GUCs ought to be. ... Maybe we'd better make them both SUSET. > Making them SUSET sounds like a usability fail to me. I'm not sure > how bad the security risks of NOT making them SUSET are, but I think > if we find that SUSET is required for safety then we've squeezed most > of the value out of the feature. Well, the feature it's replacing (autoload an "unknown" module) had to be squeezed down to being effectively superuser-only, so we're not really losing anything compared to where we are now. And the more I think about it, the less I think we can introduce a new security-critical GUC and just leave it as USERSET. regards, tom lane
Commits
-
Invent start_proc parameters for PL/Tcl.
- 0d2b1f305dc7 10.0 landed
-
Remove PL/Tcl's "module" facility.
- 817f2a586342 10.0 landed
-
Remove all of the libpgtcl and pgtclsh files, including all references to
- 41fa9e9bae60 8.0.0 cited