Skip to content

Commit 916d816

Browse files
tglsfdctglsfdc
committed
Restrict CREATE OPERATOR CLASS to superusers, per discussion some weeks
ago.
1 parent d2db166 commit 916d816

File tree

2 files changed

+19
-5
lines changed

2 files changed

+19
-5
lines changed

doc/src/sgml/ref/create_opclass.sgml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.3 2002/09/21 18:32:54 petere Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_opclass.sgml,v 1.4 2002/10/04 22:19:29 tgl Exp $
33
PostgreSQL documentation
44
-->
55

@@ -209,9 +209,10 @@ CREATE OPERATOR CLASS
209209
are for different index access methods.
210210
</para>
211211
<para>
212-
The user who defines an operator class becomes its owner. The user
213-
must own the data type for which the operator class is being defined,
214-
and must have execute permission for all referenced operators and functions.
212+
The user who defines an operator class becomes its owner. Presently,
213+
the creating user must be a superuser. (This restriction is made because
214+
an erroneous operator class definition could confuse or even crash the
215+
server.)
215216
</para>
216217

217218
<para>

src/backend/commands/opclasscmds.c

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
* $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.5 2002/09/04 20:31:15 momjian Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/commands/opclasscmds.c,v 1.6 2002/10/04 22:19:29 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -96,12 +96,25 @@ DefineOpClass(CreateOpClassStmt *stmt)
9696

9797
ReleaseSysCache(tup);
9898

99+
/*
100+
* Currently, we require superuser privileges to create an opclass.
101+
* This seems necessary because we have no way to validate that the
102+
* offered set of operators and functions are consistent with the AM's
103+
* expectations. It would be nice to provide such a check someday,
104+
* if it can be done without solving the halting problem :-(
105+
*/
106+
if (!superuser())
107+
elog(ERROR, "Must be superuser to create an operator class");
108+
99109
/* Look up the datatype */
100110
typeoid = typenameTypeId(stmt->datatype);
101111

112+
#ifdef NOT_USED
113+
/* XXX this is unnecessary given the superuser check above */
102114
/* Check we have ownership of the datatype */
103115
if (!pg_type_ownercheck(typeoid, GetUserId()))
104116
aclcheck_error(ACLCHECK_NOT_OWNER, format_type_be(typeoid));
117+
#endif
105118

106119
/* Storage datatype is optional */
107120
storageoid = InvalidOid;

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy