Re: BUG #18964: `ALTER DATABASE ... RESET ...` fails to reset extension parameters that no longer exist
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: mert@futo.org, pgsql-bugs@lists.postgresql.org
Date: 2025-06-20T20:24:41Z
Lists: pgsql-bugs
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow resetting unknown custom GUCs with reserved prefixes.
- f79ca73d75cb 15.14 landed
- b998ce3272ab 16.10 landed
- 9eb6068fb64c 19 (unreleased) landed
- 7b9674a8b180 18.0 landed
- 39ff056365e4 17.6 landed
-
Allow ALTER SYSTEM to set unrecognized custom GUCs.
- 2d870b4aeff1 17.0 cited
-
Disallow setting bogus GUCs within an extension's reserved namespace.
- 88103567cb8f 15.0 cited
Nathan Bossart <nathandbossart@gmail.com> writes:
> On Fri, Jun 20, 2025 at 12:24:20PM +0000, PG Bug reporting form wrote:
>> As a solution, I added a migration that removes the now-redundant parameter
>> with `ALTER DATABASE immich RESET vchordrq.prewarm_dim;`. However, while
>> this worked for our CI that uses Postgres 14 and for admins using 14, we
>> began getting reports from admins using 15, 16 and 17 that the migration
>> fails with the following error:
>> ```
>> PostgresError: invalid configuration parameter name "vchordrq.prewarm_dim"
>> {
>> severity_local: 'ERROR',
>> severity: 'ERROR',
>> code: '42602',
>> detail: '"vchordrq" is a reserved prefix.',
>>
>> It would be great if `RESET`ing the parameter still worked in this
>> situation, even if `SET`ing it does not.
> It seems like we could at least allow superusers and folks with existing
> privileges on removed parameters to RESET in this case.
The hazard we need to pay attention to here is someone removing a
parameter setting that they shouldn't have had privilege to do.
In particular, if a non-superuser can RESET a SUSET-or-above
parameter, that's bad.
In the case at hand, where the prefix is known but the parameter
isn't, I think we could safely assume that the setting is either
a mistake (probably installed while the extension wasn't loaded)
or the described case of a parameter the extension no longer
uses. Either way it seems safe to allow RESET with suitable
privileges on the target DB and/or role.
If the prefix is not known, then we're really flying blind.
It looks like we assume the parameter might be SUSET and therefore
allow both ALTER DB/ROLE SET and RESET only to superusers.
I'm hesitant to relax that case.
regards, tom lane