I wrote:
> I will go and commit this, without the #ifdefs and without the --single
> exclusion.

On closer inspection I realized that the switch parsing was still far too
risky, because it would treat "-C" in any word of the process command line
as a reason not to check for root.  Quite aside from the fact that some of
those words might be switch arguments not switches, main.c is also the
front end for other operating modes that have switches unrelated to the
postmaster's switches.  --boot mode doesn't have any -C switch today, but
it might do so tomorrow, and that would result in a hard-to-notice hole in
our root protections.

However, there is a reasonably simple way around that objection, which is
to only skip the root check if -C is the first switch.  pg_ctl can easily
be changed to call it that way, and we're not really here to make -C easy
for root users to call manually, so I'm not too concerned about that
aspect of it.  --describe-config is only accepted as the first switch
anyway, so there's no issue there either.

Committed with appropriate changes.

                        regards, tom lane

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to