Robert Haas <> writes:
> On Mon, Feb 27, 2017 at 1:24 AM, Tom Lane <> wrote:
>> * I'm not terribly comfortable about what the permissions levels of the
>> GUCs ought to be. ... Maybe we'd better make them both SUSET.

> Making them SUSET sounds like a usability fail to me.  I'm not sure
> how bad the security risks of NOT making them SUSET are, but I think
> if we find that SUSET is required for safety then we've squeezed most
> of the value out of the feature.

Well, the feature it's replacing (autoload an "unknown" module) had to be
squeezed down to being effectively superuser-only, so we're not really
losing anything compared to where we are now.  And the more I think about
it, the less I think we can introduce a new security-critical GUC and just
leave it as USERSET.

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to