On Tue, Jul 19, 2022 at 04:27:08PM -0400, Tom Lane wrote:
> Nathan Bossart <nathandboss...@gmail.com> writes:
>> However, I wonder if a
>> better way to fix this is to provide a way to stop set_config_option() from
>> throwing errors (e.g., setting elevel to -1). That way, we could remove
>> the manual permissions checks in favor of always using the real ones, which
>> might help prevent similar bugs in the future.
>
> I thought about that for a bit. You could almost do it today if you
> passed elevel == DEBUG5; the ensuing log chatter for failures would be
> down in the noise compared to everything else you would see with
> min_messages cranked down that far. However,
>
> (1) As things stand, set_config_option()'s result does not distinguish
> no-permissions failures from other problems, so we'd need some rejiggering
> of its API anyway.
>
> (2) As you mused upthread, it's possible that ACL_SET isn't what we should
> be checking here, but some more-specific privilege. So I'd just as soon
> keep this privilege check separate from set_config_option's.

I think we'd also need to keep the manual permissions checks for
placeholders, so it wouldn't save much, anyway.

> I'll push ahead with fixing it like this.

Sounds good.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com