Attached is my proposed patch for this problem, to be put in 7.4.1.
Please someone give it a quick check.
Tom Lane wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Tom Lane wrote:
> >> Uh, no, because you can say something like
> >> revoke all on language plperlu from public;
> >> and end up with non-null lanacl (because it instantiates the
> >> default assumption that the owner has all privileges).
> >
> > OK, that needs to be disallowed.
>
> Fair enough. I thought it was a bit odd to disallow GRANT but allow
> REVOKE anyway.
>
> >> We could possibly hack the backend to avoid that, but I think
> >> pg_dump will need the special-case test anyway since it has to be
> >> able to cope with existing databases, wherein lanacl may be
> >> non-null.
> >
> > So far we know of 1 such database. I'd like to see some more
> > before we bother about it.
>
> It's a one-line addition --- just put the dumpACL call inside
> "if (lanpltrusted)". I think it is a reasonable change. We'd have
> to do something anyway, because the existing pg_dump code is
> certainly broken for dumping untrusted languages from pre-7.3
> databases (it assumes a nonempty lanacl setting in that case).
diff -cr ../cvs-pgsql/src/backend/catalog/aclchk.c ./src/backend/catalog/aclchk.c
*** ../cvs-pgsql/src/backend/catalog/aclchk.c Sat Nov 1 02:52:13 2003
--- ./src/backend/catalog/aclchk.c Thu Dec 18 20:20:08 2003
***************
*** 592,601 ****
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
NameStr(pg_language_tuple->lanname));
! if (!pg_language_tuple->lanpltrusted && stmt->is_grant)
! ereport(ERROR,
! (errcode(ERRCODE_WRONG_OBJECT_TYPE),
! errmsg("language \"%s\" is not trusted", langname)));
/*
* If there's no ACL, substitute the proper default.
--- 592,613 ----
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_LANGUAGE,
NameStr(pg_language_tuple->lanname));
! if (!pg_language_tuple->lanpltrusted)
! {
! if (stmt->is_grant)
! {
! ereport(ERROR,
! (errcode(ERRCODE_WRONG_OBJECT_TYPE),
! errmsg("language \"%s\" is not trusted", langname)));
! }
! else
! {
! /* do nothing (like revoking a non-existing privilege) */
! ReleaseSysCache(tuple);
! heap_close(relation, RowExclusiveLock);
! continue;
! }
! }
/*
* If there's no ACL, substitute the proper default.
diff -cr ../cvs-pgsql/src/bin/pg_dump/pg_dump.c ./src/bin/pg_dump/pg_dump.c
*** ../cvs-pgsql/src/bin/pg_dump/pg_dump.c Thu Oct 30 21:24:39 2003
--- ./src/bin/pg_dump/pg_dump.c Thu Dec 18 21:10:09 2003
***************
*** 3488,3493 ****
--- 3488,3494 ----
int i_lanacl = -1;
char *lanoid;
char *lanname;
+ bool lanpltrusted;
char *lanacl;
const char *lanplcallfoid;
const char *lanvalidator;
***************
*** 3528,3533 ****
--- 3529,3535 ----
lanoid = PQgetvalue(res, i, i_oid);
lanplcallfoid = PQgetvalue(res, i, i_lanplcallfoid);
lanname = PQgetvalue(res, i, i_lanname);
+ lanpltrusted = (PQgetvalue(res, i, i_lanpltrusted)[0] == 't');
if (fout->remoteVersion >= 70300)
{
lanvalidator = PQgetvalue(res, i, i_lanvalidator);
***************
*** 3580,3586 ****
fmtId(lanname));
appendPQExpBuffer(defqry, "CREATE %sPROCEDURAL LANGUAGE %s",
! (PQgetvalue(res, i, i_lanpltrusted)[0] == 't') ?
"TRUSTED " : "",
fmtId(lanname));
appendPQExpBuffer(defqry, " HANDLER %s",
--- 3582,3588 ----
fmtId(lanname));
appendPQExpBuffer(defqry, "CREATE %sPROCEDURAL LANGUAGE %s",
! lanpltrusted ?
"TRUSTED " : "",
fmtId(lanname));
appendPQExpBuffer(defqry, " HANDLER %s",
***************
*** 3605,3611 ****
"PROCEDURAL LANGUAGE", deps,
defqry->data, delqry->data, NULL, NULL, NULL);
! if (!aclsSkip)
{
char *tmp = strdup(fmtId(lanname));
--- 3607,3613 ----
"PROCEDURAL LANGUAGE", deps,
defqry->data, delqry->data, NULL, NULL, NULL);
! if (!aclsSkip && lanpltrusted)
{
char *tmp = strdup(fmtId(lanname));
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
