Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtp (Exim 4.84_2)
	(envelope-from
 <pgsql-hackers-owner+M338443=pgsql-hackers-arkari@postgresql.org>)
	id 1e7qJa-0003gC-BC
	for pgsql-hackers@arkaria.postgresql.org; Thu, 26 Oct 2017 22:07:50 +0000
Received: from localhost ([127.0.0.1] helo=postgresql.org)
	by malur.postgresql.org with smtp (Exim 4.84_2)
	(envelope-from
 <pgsql-hackers-owner+M338443=pgsql-hackers-arkari@postgresql.org>)
	id 1e7qJZ-0007JY-MU
	for pgsql-hackers@arkaria.postgresql.org; Thu, 26 Oct 2017 22:07:49 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.84_2)
	(envelope-from <nico@cryptonector.com>)
	id 1e7qJZ-0007JP-0R
	for pgsql-hackers@postgresql.org; Thu, 26 Oct 2017 22:07:49 +0000
Received: from sub4.mail.dreamhost.com ([69.163.253.135]
 helo=homiemail-a55.g.dreamhost.com)
	by magus.postgresql.org with esmtps (TLS1.1:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.84_2)
	(envelope-from <nico@cryptonector.com>)
	id 1e7qJR-0002r1-U4
	for pgsql-hackers@postgresql.org; Thu, 26 Oct 2017 22:07:48 +0000
Received: from homiemail-a55.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a55.g.dreamhost.com (Postfix) with ESMTP id 0C0D168003C0F;
	Thu, 26 Oct 2017 15:07:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date
	:from:to:cc:subject:message-id:references:mime-version
	:content-type:in-reply-to; s=cryptonector.com; bh=DdLKUtW1nkumEi
	xx0PHyqhwF0qU=; b=EEEyTcDMedHmuozyQHtKq1ytnDQLxInxHfDNrz/9FjcG1S
	MeMVlLaFz78IAK8yxl8nfo1oUAVQ0i0A/49oSQFYXfV3zh9mJbmkxRwY+7UAYVYt
	R25rMVA9i+tz35LB/2MJKJ/xghKphvEDXxXaqOe7YFJ96X9Xt7amN5V9Zx4jU=
Received: from localhost (cpe-70-123-158-140.austin.res.rr.com
 [70.123.158.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: nico@cryptonector.com)
	by homiemail-a55.g.dreamhost.com (Postfix) with ESMTPSA id B45B268003C1B;
	Thu, 26 Oct 2017 15:07:37 -0700 (PDT)
Date: Thu, 26 Oct 2017 17:07:33 -0500
From: Nico Williams <nico@cryptonector.com>
To: Pavel Stehule <pavel.stehule@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Subject: Re: proposal: schema variables
Message-ID: <20171026220732.GI4496@localhost>
References: 
 <CAFj8pRDY+m9OOxfO10R7J0PAkCCauM-TweaTrdsrsLGMb1VbEQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: 
 <CAFj8pRDY+m9OOxfO10R7J0PAkCCauM-TweaTrdsrsLGMb1VbEQ@mail.gmail.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
List-Archive: <http://archives.postgresql.org/pgsql-hackers>
List-Help: <mailto:majordomo@postgresql.org?body=help>
List-ID: <pgsql-hackers.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@postgresql.org>
List-Post: <mailto:pgsql-hackers@postgresql.org>
List-Subscribe: <mailto:majordomo@postgresql.org?body=sub%20pgsql-hackers>
List-Unsubscribe: <mailto:majordomo@postgresql.org?body=unsub%20pgsql-hackers>
X-Mailing-List: pgsql-hackers
Precedence: bulk
Sender: pgsql-hackers-owner@postgresql.org

On Thu, Oct 26, 2017 at 09:21:24AM +0200, Pavel Stehule wrote:
> Comments, notes?

I like it.

I would further like to move all of postgresql.conf into the database,
as much as possible, as well as pg_ident.conf and pg_hba.conf.

Variables like current_user have a sort of nesting context
functionality: calling a SECURITY DEFINER function "pushes" a new value
onto current_user, then when the function returns the new value of
current_user is "popped" and the previous value restored.

It might be nice to be able to generalize this.

Questions that then arise:

 - can one see up the stack?
 - are there permissions issues with seeing up the stack?

I recently posted proposing a feature such that SECURITY DEFINER
functions could observe the _caller_'s current_user.

Nico
-- 


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers