pgsql: Document changes in large-object privilege checking.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

pgsql: Document changes in large-object privilege checking.

Tom Lane-2
Document changes in large-object privilege checking.

Commit 5ecc0d738 removed the hard-wired superuser checks in lo_import
and lo_export in favor of protecting them with SQL permissions, but
failed to adjust the documentation to match.  Fix that, and add a
<caution> paragraph pointing out the nontrivial security hazards
involved with actually granting such permissions.  (It's still better
than ALLOW_DANGEROUS_LO_FUNCTIONS, though.)

Also, commit ae20b23a9 caused large object read/write privilege to
be checked during lo_open() rather than in the actual read or write
calls.  Document that.

Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@...

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/6d776522d243d38faca6924d9b3c7cfaf0c4860d

Modified Files
--------------
doc/src/sgml/config.sgml |  3 ---
doc/src/sgml/lobj.sgml   | 42 ++++++++++++++++++++++++++++++++++++++----
2 files changed, 38 insertions(+), 7 deletions(-)

Previous Thread Next Thread