Re: [COMMITTERS] pgsql: Use GRANT system to manage access to sensitive functions

[Fujii Masao]

On Thu, Apr 7, 2016 at 10:45 AM, Stephen Frost  wrote:
> Use GRANT system to manage access to sensitive functions
>
> Now that pg_dump will properly dump out any ACL changes made to
> functions which exist in pg_catalog, switch to using the GRANT system
> to manage access to those functions.
>
> This means removing 'if (!superuser()) ereport()' checks from the
> functions themselves and then REVOKEing EXECUTE right from 'public' for
> these functions in system_views.sql.

This commit revokes the execution privilege on pg_start_backup() from
a replication role. Doesn't this affect many systems that a replication
role is used to take a backup? This commit forces administrators of
those systems to manually grant the privilege to a replication role
when upgrading the system to 9.6.

Regards,

-- 
Fujii Masao


-- 
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

Re: [COMMITTERS] pgsql: Use GRANT system to manage access to sensitive functions

[Stephen Frost]

* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost  writes:
> > Use GRANT system to manage access to sensitive functions
> 
> This patch series seems approximately three catversion bumps
> shy of a load ...

Blargh.  I told myself at three different times tonight to remember to
bump catversion.

Apologies, will do so momentairly.

Thanks!

Stephen


signature.asc
Description: Digital signature

Re: [COMMITTERS] pgsql: Use GRANT system to manage access to sensitive functions

[Tom Lane]

Stephen Frost  writes:
> Use GRANT system to manage access to sensitive functions

This patch series seems approximately three catversion bumps
shy of a load ...

regards, tom lane


-- 
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

Re: [COMMITTERS] pgsql: Use GRANT system to manage access to sensitive functions

[Michael Paquier]

On Thu, Apr 7, 2016 at 10:45 AM, Stephen Frost  wrote:
> Use GRANT system to manage access to sensitive functions
>
> Now that pg_dump will properly dump out any ACL changes made to
> functions which exist in pg_catalog, switch to using the GRANT system
> to manage access to those functions.
>
> This means removing 'if (!superuser()) ereport()' checks from the
> functions themselves and then REVOKEing EXECUTE right from 'public' for
> these functions in system_views.sql.

+1.
-- 
Michael


-- 
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

[COMMITTERS] pgsql: Use GRANT system to manage access to sensitive functions

[Stephen Frost]

Use GRANT system to manage access to sensitive functions

Now that pg_dump will properly dump out any ACL changes made to
functions which exist in pg_catalog, switch to using the GRANT system
to manage access to those functions.

This means removing 'if (!superuser()) ereport()' checks from the
functions themselves and then REVOKEing EXECUTE right from 'public' for
these functions in system_views.sql.

Reviews by Alexander Korotkov, Jose Luis Tallon

Branch
--
master

Details
---
http://git.postgresql.org/pg/commitdiff/1574783b4ced0356fbc626af1a1a469faa6b41e1

Modified Files
--
doc/src/sgml/backup.sgml   |  8 +++--
doc/src/sgml/func.sgml | 19 ++--
doc/src/sgml/monitoring.sgml   | 12 +---
src/backend/access/transam/xlogfuncs.c | 56 +-
src/backend/catalog/system_views.sql   | 21 +
src/backend/postmaster/pgstat.c| 24 ++-
src/backend/utils/adt/misc.c   | 16 --
7 files changed, 81 insertions(+), 75 deletions(-)


-- 
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers