Thread

Commits

  1. Doc: fix typo in "Generic File Access Functions" section.

  1. Doc typo?

    Tatsuo Ishii <ishii@sraoss.co.jp> — 2018-12-18T23:04:58Z

    While translating the manual into Japanese, I had a hard time to
    parse following sentence in func.sgml:
    
        Note that granting users the EXECUTE privilege on the
        <function>pg_read_file()</function>, or related, functions allows them the
        ability to read any file on the server which the database can read and
        that those reads bypass all in-database privilege checks.
    
    It seems there's an extra comma between "related" and "functions". Am I correct?
    
    Patch attached.
    
    Best regards,
    --
    Tatsuo Ishii
    SRA OSS, Inc. Japan
    English: http://www.sraoss.co.jp/index_en.php
    Japanese:http://www.sraoss.co.jp
    
  2. Re: Doc typo?

    Tom Lane <tgl@sss.pgh.pa.us> — 2018-12-18T23:16:14Z

    Tatsuo Ishii <ishii@sraoss.co.jp> writes:
    > While translating the manual into Japanese, I had a hard time to
    > parse following sentence in func.sgml:
    
    >     Note that granting users the EXECUTE privilege on the
    >     <function>pg_read_file()</function>, or related, functions allows them the
    >     ability to read any file on the server which the database can read and
    >     that those reads bypass all in-database privilege checks.
    
    > It seems there's an extra comma between "related" and "functions". Am I correct?
    
    I'd move the comma not remove it; and I think "the pg_read_file()" is
    pretty bad English too.  So perhaps
    
         Note that granting users the EXECUTE privilege on
         <function>pg_read_file()</function>, or related functions, allows them the
         ability to read any file on the server which the database can read and
         that those reads bypass all in-database privilege checks.
    
    			regards, tom lane
    
    
    
  3. Re: Doc typo?

    David Fetter <david@fetter.org> — 2018-12-18T23:38:05Z

    On Tue, Dec 18, 2018 at 06:16:14PM -0500, Tom Lane wrote:
    > Tatsuo Ishii <ishii@sraoss.co.jp> writes:
    > > While translating the manual into Japanese, I had a hard time to
    > > parse following sentence in func.sgml:
    > 
    > >     Note that granting users the EXECUTE privilege on the
    > >     <function>pg_read_file()</function>, or related, functions allows them the
    > >     ability to read any file on the server which the database can read and
    > >     that those reads bypass all in-database privilege checks.
    > 
    > > It seems there's an extra comma between "related" and "functions". Am I correct?
    > 
    > I'd move the comma not remove it; and I think "the pg_read_file()" is
    > pretty bad English too.  So perhaps
    > 
    >      Note that granting users the EXECUTE privilege on
    >      <function>pg_read_file()</function>, or related functions, allows them the
    >      ability to read any file on the server which the database can read and
    >      that those reads bypass all in-database privilege checks.
    
    Maintaining parallelism:
    
        Note that granting users the EXECUTE privilege on
        <function>pg_read_file()</function>, or on related functions, allows them the
        ability to read any file on the server which the database can read and
        that those reads bypass all in-database privilege checks.
    
    Is there a useful distinction to be drawn between the files readable
    by the system user who owns the database and those the database itself
    can read?
    
    Best,
    David.
    -- 
    David Fetter <david(at)fetter(dot)org> http://fetter.org/
    Phone: +1 415 235 3778
    
    Remember to vote!
    Consider donating to Postgres: http://www.postgresql.org/about/donate
    
    
    
  4. Re: Doc typo?

    Tom Lane <tgl@sss.pgh.pa.us> — 2018-12-18T23:47:42Z

    David Fetter <david@fetter.org> writes:
    > Is there a useful distinction to be drawn between the files readable
    > by the system user who owns the database and those the database itself
    > can read?
    
    Probably not.  It's possible to create such a distinction with SELinux
    or other security tools, but not in plain Unix, and I don't think we
    want to wade into non-standard stuff.
    
    			regards, tom lane
    
    
    
  5. Re: Doc typo?

    Tatsuo Ishii <ishii@sraoss.co.jp> — 2018-12-19T00:20:09Z

    >> It seems there's an extra comma between "related" and "functions". Am I correct?
    > 
    > I'd move the comma not remove it; and I think "the pg_read_file()" is
    > pretty bad English too.  So perhaps
    > 
    >      Note that granting users the EXECUTE privilege on
    >      <function>pg_read_file()</function>, or related functions, allows them the
    >      ability to read any file on the server which the database can read and
    >      that those reads bypass all in-database privilege checks.
    
    Thanks. I will commit this.
    
    Best regards,
    --
    Tatsuo Ishii
    SRA OSS, Inc. Japan
    English: http://www.sraoss.co.jp/index_en.php
    Japanese:http://www.sraoss.co.jp
    
    
    
  6. Re: Doc typo?

    Tatsuo Ishii <ishii@sraoss.co.jp> — 2018-12-19T00:59:05Z

    >> I'd move the comma not remove it; and I think "the pg_read_file()" is
    >> pretty bad English too.  So perhaps
    >> 
    >>      Note that granting users the EXECUTE privilege on
    >>      <function>pg_read_file()</function>, or related functions, allows them the
    >>      ability to read any file on the server which the database can read and
    >>      that those reads bypass all in-database privilege checks.
    > 
    > Thanks. I will commit this.
    
    Done.
    
    Best regards,
    --
    Tatsuo Ishii
    SRA OSS, Inc. Japan
    English: http://www.sraoss.co.jp/index_en.php
    Japanese:http://www.sraoss.co.jp