> 13 апр. 2021 г., в 00:01, Andres Freund <and...@anarazel.de> написал(а): > > Hi, > > On 2021-04-12 23:51:02 +0300, Andrey Borodin wrote: >> Do I risk having some extra superusers in my installation if I allow >> everyone to create LEAKPROOF functions? > > I think that depends on what you define "superuser" to exactly > be. Defining it as "has a path to executing arbitrary native code", I > don't think, if implemented sensibly, allowing to set LEAKPROOF on new > functions would equate superuser permissions. Thanks! > But you soon after might > hit further limitations where lifting them would have such a risk, > e.g. defining new types with in/out functions. I think, real extensibility of a managed DB service is a very distant challenge. Currently we just allow-list extensions. Best regards, Andrey Borodin.
- Allowing to create LEAKPROOF functions to non-superuser Andrey Borodin
- Re: Allowing to create LEAKPROOF functions to non-supe... Tom Lane
- Re: Allowing to create LEAKPROOF functions to non-... Tomas Vondra
- Re: Allowing to create LEAKPROOF functions to ... Andres Freund
- Re: Allowing to create LEAKPROOF functions to ... Andrey Borodin
- Re: Allowing to create LEAKPROOF functions to non-... Andrey Borodin
- Re: Allowing to create LEAKPROOF functions to ... Andres Freund
- Re: Allowing to create LEAKPROOF functions... Andrey Borodin
- Re: Allowing to create LEAKPROOF functions... Tom Lane
- Re: Allowing to create LEAKPROOF func... Andres Freund
- Re: Allowing to create LEAKPROOF ... Noah Misch
- Re: Allowing to create LEAKPR... Robert Haas
- Re: Allowing to create LEAKPR... Tom Lane
- Re: Allowing to create LEAKPR... Robert Haas
- Re: Allowing to create LEAKPR... Stephen Frost
- Re: Allowing to create LEAKPR... Noah Misch
- Re: Allowing to create LEAKPR... Stephen Frost
- Re: Allowing to create LEAKPR... Andrey Borodin
