Re: system administration functions with hardcoded superuser checks

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Tomas Vondra <tv@fuzzy.cz>
Cc: pgsql-hackers@postgresql.org
Date: 2012-12-20T00:14:52Z
Lists: pgsql-hackers
Tomas Vondra <tv@fuzzy.cz> writes:
> On 19.12.2012 07:34, Magnus Hagander wrote:
>> Granting executability on pg_read_xyz is pretty darn close to granting
>> superuser, without explicitly asking for it. Well, you get "read only
>> superuser". If we want to make that step as easy as just GRANT, we
>> really need to write some *very* strong warnings in the documentation
>> so that people realize this. I doubt most people will realize it
>> unless we do that (and those who don't read the docs, whch is probably
>> a majority, never will).

> Yup, that's what I meant by possibility to perform "additional parameter
> values checks" ;-)

Yeah, which is easily done if you've written a wrapper function and not
so easily otherwise.  Between that and the point about how pg_dump
wouldn't preserve GRANTs done directly on system functions, I think this
proposal isn't going anywhere anytime soon.

			regards, tom lane