Hi, On 2021-04-12 23:51:02 +0300, Andrey Borodin wrote: > Do I risk having some extra superusers in my installation if I allow > everyone to create LEAKPROOF functions?
I think that depends on what you define "superuser" to exactly be. Defining it as "has a path to executing arbitrary native code", I don't think, if implemented sensibly, allowing to set LEAKPROOF on new functions would equate superuser permissions. But you soon after might hit further limitations where lifting them would have such a risk, e.g. defining new types with in/out functions. Greetings, Andres Freund
