Doc typo?
While translating the manual into Japanese, I had a hard time parsing
the following sentence in func.sgml:
Note that granting users the EXECUTE privilege on the
<function>pg_read_file()</function>, or related, functions allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
It seems there's an extra comma between "related" and "functions". Am I correct?
Patch attached.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
Attachments:
func.diff (text/x-patch; charset=us-ascii)
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index b3336ea9be..aa0c4cc89d 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -20399,7 +20399,7 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
<para>
Note that granting users the EXECUTE privilege on the
- <function>pg_read_file()</function>, or related, functions allows them the
+ <function>pg_read_file()</function>, or related functions allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks. This means that,
among other things, a user with this access is able to read the contents of the
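Review bot: Dropping the comma after "related" on the `+` line leaves the comma before "or" unpaired, so "<function>pg_read_file()</function>, or related functions allows them" opens a parenthetical that never closes. Moving the comma to follow "functions" would close it. The "the" at the end of the preceding context line ("privilege on the") previously attached to "functions"; with the comma gone it attaches to pg_read_file() alone and reads awkwardly, so consider dropping it in the same hunk. Because this sentence tells administrators which grants let a user read any server file outside in-database privilege checks, the scope of "related functions" should parse unambiguously.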
Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> While translating the manual into Japanese, I had a hard time parsing
> the following sentence in func.sgml:
>
>     Note that granting users the EXECUTE privilege on the
>     <function>pg_read_file()</function>, or related, functions allows them the
>     ability to read any file on the server which the database can read and
>     that those reads bypass all in-database privilege checks.
>
> It seems there's an extra comma between "related" and "functions". Am I correct?

I'd move the comma not remove it; and I think "the pg_read_file()" is
pretty bad English too. So perhaps
Note that granting users the EXECUTE privilege on
<function>pg_read_file()</function>, or related functions, allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
regards, tom lane
On Tue, Dec 18, 2018 at 06:16:14PM -0500, Tom Lane wrote:
> Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> > While translating the manual into Japanese, I had a hard time parsing
> > the following sentence in func.sgml:
> >
> >     Note that granting users the EXECUTE privilege on the
> >     <function>pg_read_file()</function>, or related, functions allows them the
> >     ability to read any file on the server which the database can read and
> >     that those reads bypass all in-database privilege checks.
> >
> > It seems there's an extra comma between "related" and "functions". Am I correct?
>
> I'd move the comma not remove it; and I think "the pg_read_file()" is
> pretty bad English too. So perhaps
>
>     Note that granting users the EXECUTE privilege on
>     <function>pg_read_file()</function>, or related functions, allows them the
>     ability to read any file on the server which the database can read and
>     that those reads bypass all in-database privilege checks.

Maintaining parallelism:
Note that granting users the EXECUTE privilege on
<function>pg_read_file()</function>, or on related functions, allows them the
ability to read any file on the server which the database can read and
that those reads bypass all in-database privilege checks.
Is there a useful distinction to be drawn between the files readable
by the system user who owns the database and those the database itself
can read?
Best,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
David Fetter <david@fetter.org> writes:
> Is there a useful distinction to be drawn between the files readable
> by the system user who owns the database and those the database itself
> can read?

Probably not. It's possible to create such a distinction with SELinux
or other security tools, but not in plain Unix, and I don't think we
want to wade into non-standard stuff.
regards, tom lane
> > It seems there's an extra comma between "related" and "functions". Am I correct?
>
> I'd move the comma not remove it; and I think "the pg_read_file()" is
> pretty bad English too. So perhaps
>
>     Note that granting users the EXECUTE privilege on
>     <function>pg_read_file()</function>, or related functions, allows them the
>     ability to read any file on the server which the database can read and
>     that those reads bypass all in-database privilege checks.

Thanks. I will commit this.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
> > I'd move the comma not remove it; and I think "the pg_read_file()" is
> > pretty bad English too. So perhaps
> >
> >     Note that granting users the EXECUTE privilege on
> >     <function>pg_read_file()</function>, or related functions, allows them the
> >     ability to read any file on the server which the database can read and
> >     that those reads bypass all in-database privilege checks.
>
> Thanks. I will commit this.

Done.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
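
An audit for the grant that the documentation sentence in this thread warns about, as an added example that is not part of the thread or of the PostgreSQL documentation. It lists non-superuser roles holding EXECUTE on pg_read_file() and on the functions assumed here to be the "related" ones (pg_read_binary_file, pg_ls_dir, pg_stat_file; the thread does not enumerate them).

```sql
-- Added example: which non-superuser roles can execute the server-side
-- file access functions? The function list is an assumption about what the
-- doc sentence means by "related functions"; adjust it for your version.
SELECT r.rolname                 AS role_name,
       p.oid::regprocedure::text AS function_signature,
       r.rolcanlogin             AS can_login
FROM pg_catalog.pg_proc AS p
CROSS JOIN pg_catalog.pg_roles AS r
WHERE p.pronamespace = 'pg_catalog'::regnamespace
  AND p.proname IN ('pg_read_file', 'pg_read_binary_file',
                    'pg_ls_dir', 'pg_stat_file')
  AND NOT r.rolsuper  -- superusers bypass privilege checks anyway
  -- has_function_privilege() accounts for direct grants, grants to PUBLIC
  -- and privileges inherited through role membership.
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER BY role_name, function_signature;

-- Explicit grants recorded in each function's ACL, with the grantor, to
-- trace where an unexpected row above came from. A function whose proacl
-- is NULL has no explicit grants and produces no rows here; a grantee
-- shown as "-" (OID 0) means PUBLIC.
SELECT p.oid::regprocedure::text AS function_signature,
       a.grantee::regrole        AS grantee,
       a.grantor::regrole        AS grantor,
       a.is_grantable
FROM pg_catalog.pg_proc AS p
CROSS JOIN LATERAL aclexplode(p.proacl) AS a
WHERE p.pronamespace = 'pg_catalog'::regnamespace
  AND p.proname IN ('pg_read_file', 'pg_read_binary_file',
                    'pg_ls_dir', 'pg_stat_file')
  AND a.privilege_type = 'EXECUTE'
ORDER BY function_signature, grantee;
```

Any role returned by the first query can read files the server process can read regardless of table or column privileges, so each row should map to a deliberate grant.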