Re: pg_parameter_aclcheck() and trusted extensions

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Michael Paquier <michael@paquier.xyz>, pgsql-hackers@postgresql.org
Date: 2022-07-14T22:03:45Z
Lists: pgsql-hackers
Nathan Bossart <nathandbossart@gmail.com> writes:
> On Thu, Jul 14, 2022 at 04:02:30PM -0400, Tom Lane wrote:
>> I noted something that ought to be looked at separately:
>> validate_option_array_item() seems like it needs to be taught about
>> grantable permissions on GUCs.  I think that right now it may report
>> permissions failures in some cases where it should succeed.

> Which cases do you think might be inappropriately reporting permissions
> failures?  It looked to me like this stuff was mostly used for
> pg_db_role_setting, which wouldn't be impacted by the current set of
> grantable GUC permissions.  Is the idea that you should be able to do ALTER
> ROLE SET for GUCs that you have SET permissions for?

Well, that's what I'm wondering.  Obviously that wouldn't *alone* be
enough permissions, but it seems like it could be a component of it.
Specifically, this bit:

	/* manual permissions check so we can avoid an error being thrown */
	if (gconf->context == PGC_USERSET)
		 /* ok */ ;
	else if (gconf->context == PGC_SUSET && superuser())
		 /* ok */ ;
	else if (skipIfNoPermissions)
		return false;

seems like it's trying to duplicate what set_config_option would do,
and it's now missing a component of that.  If it shouldn't check
per-GUC permissions along with superuser(), we should add a comment
explaining why not.

			regards, tom lane



Commits

  1. Fix missed corner cases for grantable permissions on GUCs.