[#1011223] run-time option to disable SELECT and TARGET

View Trackers | Feature Requests | Download .csv | Monitor

2012-09-12 20:51
Submitted by:
Peter Eisentraut (petere)
Assigned to:
Nobody (None)
run-time option to disable SELECT and TARGET

Detailed description
The NO_SELECT compile option is interesting, but many people use binary packages, so it's not very convenient to use. A run-time option to disable SELECT (and perhaps TARGET) would therefore be useful. I imagine something like this:

alter server testcluster options (add disable_select '1');

I've looked into the code a bit. Unfortunately, the cluster configuration isn't easily available in the parse phase, so this might take some restructuring.


Date: 2012-10-31 12:26
Sender: Marko Kreen

Well, main point of disabling SELECT (and TARGET) is to restrict somebody who has managed to get superuser access in database. So anything that can be worked around with in-database commands is not that interesting.

Non-superusers are already restricted by fact that you need to be superuser to create PL/Proxy functions.

And "restrict" here means how it can move to and exploit other systems.

Restricting TARGET does not seems that useful as you just need to create another function to work around it. But I would not mind having the option for that as we might add more flexibility to TARGET, thus it might make sense.

It would be more interestring to freeze the cluster config somehow, but I don't see sane way to do it. And limiting destination addresses can be done outside of Postgres.
Date: 2012-10-31 12:10
Sender: Marko Kreen

Good point about binary packages.

I would not bother about checks in parse phase. Instead the config check can happen later if cluster info is also loaded.

And does per-cluster config of those items make sense at all?

Maybe it would better to have custom GUC's to be put into postgresql.conf instead, for global setting. And no way to work around it.

Attached Files:


No Changes Have Been Made to This Item

Powered By FusionForge