Thread
Commits
-
Doc: fix typo in "Generic File Access Functions" section.
- 84fcc2ce5696 11.2 landed
- 3cab54878dbf 12.0 landed
-
Doc typo?
Tatsuo Ishii <ishii@sraoss.co.jp> — 2018-12-18T23:04:58Z
While translating the manual into Japanese, I had a hard time to parse following sentence in func.sgml: Note that granting users the EXECUTE privilege on the <function>pg_read_file()</function>, or related, functions allows them the ability to read any file on the server which the database can read and that those reads bypass all in-database privilege checks. It seems there's an extra comma between "related" and "functions". Am I correct? Patch attached. Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp -
Re: Doc typo?
Tom Lane <tgl@sss.pgh.pa.us> — 2018-12-18T23:16:14Z
Tatsuo Ishii <ishii@sraoss.co.jp> writes: > While translating the manual into Japanese, I had a hard time to > parse following sentence in func.sgml: > Note that granting users the EXECUTE privilege on the > <function>pg_read_file()</function>, or related, functions allows them the > ability to read any file on the server which the database can read and > that those reads bypass all in-database privilege checks. > It seems there's an extra comma between "related" and "functions". Am I correct? I'd move the comma not remove it; and I think "the pg_read_file()" is pretty bad English too. So perhaps Note that granting users the EXECUTE privilege on <function>pg_read_file()</function>, or related functions, allows them the ability to read any file on the server which the database can read and that those reads bypass all in-database privilege checks. regards, tom lane -
Re: Doc typo?
David Fetter <david@fetter.org> — 2018-12-18T23:38:05Z
On Tue, Dec 18, 2018 at 06:16:14PM -0500, Tom Lane wrote: > Tatsuo Ishii <ishii@sraoss.co.jp> writes: > > While translating the manual into Japanese, I had a hard time to > > parse following sentence in func.sgml: > > > Note that granting users the EXECUTE privilege on the > > <function>pg_read_file()</function>, or related, functions allows them the > > ability to read any file on the server which the database can read and > > that those reads bypass all in-database privilege checks. > > > It seems there's an extra comma between "related" and "functions". Am I correct? > > I'd move the comma not remove it; and I think "the pg_read_file()" is > pretty bad English too. So perhaps > > Note that granting users the EXECUTE privilege on > <function>pg_read_file()</function>, or related functions, allows them the > ability to read any file on the server which the database can read and > that those reads bypass all in-database privilege checks. Maintaining parallelism: Note that granting users the EXECUTE privilege on <function>pg_read_file()</function>, or on related functions, allows them the ability to read any file on the server which the database can read and that those reads bypass all in-database privilege checks. Is there a useful distinction to be drawn between the files readable by the system user who owns the database and those the database itself can read? Best, David. -- David Fetter <david(at)fetter(dot)org> http://fetter.org/ Phone: +1 415 235 3778 Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate -
Re: Doc typo?
Tom Lane <tgl@sss.pgh.pa.us> — 2018-12-18T23:47:42Z
David Fetter <david@fetter.org> writes: > Is there a useful distinction to be drawn between the files readable > by the system user who owns the database and those the database itself > can read? Probably not. It's possible to create such a distinction with SELinux or other security tools, but not in plain Unix, and I don't think we want to wade into non-standard stuff. regards, tom lane
-
Re: Doc typo?
Tatsuo Ishii <ishii@sraoss.co.jp> — 2018-12-19T00:20:09Z
>> It seems there's an extra comma between "related" and "functions". Am I correct? > > I'd move the comma not remove it; and I think "the pg_read_file()" is > pretty bad English too. So perhaps > > Note that granting users the EXECUTE privilege on > <function>pg_read_file()</function>, or related functions, allows them the > ability to read any file on the server which the database can read and > that those reads bypass all in-database privilege checks. Thanks. I will commit this. Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp
-
Re: Doc typo?
Tatsuo Ishii <ishii@sraoss.co.jp> — 2018-12-19T00:59:05Z
>> I'd move the comma not remove it; and I think "the pg_read_file()" is >> pretty bad English too. So perhaps >> >> Note that granting users the EXECUTE privilege on >> <function>pg_read_file()</function>, or related functions, allows them the >> ability to read any file on the server which the database can read and >> that those reads bypass all in-database privilege checks. > > Thanks. I will commit this. Done. Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp