Robert Haas <robertmh...@gmail.com> writes: > The problem is if the interpretation functions aren't completely > bulletproof, they might do things like crash the server if you use > them to read a corrupt page. That is not any more appealing if you > happen to be running as superuser() than otherwise.
I'm not aware that they're likely to crash the server, and if they are, so would any regular access to the page in question. The things we were worried about were more along the lines of unexpected information disclosure. This is not to say that I'm against making those functions more bulletproof. I'm just saying that I find little point in reducing their superuser checks if we can't get rid of the one in get_raw_page. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers