* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 8/23/16 5:22 PM, Stephen Frost wrote: > > Now that we track initial privileges on extension objects and changes to > > those permissions, we can drop the superuser() checks from the various > > functions which are part of the pgstattuple extension. > > > > Since a pg_upgrade will preserve the version of the extension which > > existed prior to the upgrade, we can't simply modify the existing > > functions but instead need to create new functions which remove the > > checks and update the SQL-level functions to use the new functions > > I think this is a good change to pursue, and we'll likely want to do > more similar changes in contrib. But I'm worried that what is logically > a 10-line change will end up a 20 KiB patch every time.
This is primairly due to how we handle new versions of an extension. Any change to an extension is going to involve a new upgrade script and the removal of the prior version install script and addition of the new version install scripts. > Have we explored other options for addressing the upgrade problems? We did discuss the upgrade issue and Noah proposed the current approach, which appears to be the best option. > Maybe the function could check that non-default privileges have been > granted? Simply changing the function to behave differently depending on what privileges have or havn't been granted doesn't seem like a very good idea. Consider an existing installation where the admin tried to grant access to one of these functions: GRANT EXECUTE ON pgstattuple_func() TO bob; This would result in a GRANT to bob explicitly, and the GRANT to public would still be there also. Then an upgrade of PG, without upgrading the extension, would lead to any user being able to execute the function. An upgrade of the extension would revoke the GRANT to PUBLIC and, further, would hopefuflly cause the admin to consider checking the documentation about the upgrade (which needs to be added; I'll do that). We also created a new version to add the PARALLEL SAFE markings to the functions. In general, I believe it's better to use a new version when we're making these kinds of changes. Thanks! Stephen
signature.asc
Description: Digital signature
