Home > mailing lists

Re: system administration functions with hardcoded superuser checks - Mailing list pgsql-hackers

From	Noah Misch
Subject	Re: system administration functions with hardcoded superuser checks
Date	December 19, 2012 03:42:08
Msg-id	20121219004158.GA31760@tornado.leadboat.com Whole thread Raw
In response to	system administration functions with hardcoded superuser checks (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: system administration functions with hardcoded superuser checks (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

On Tue, Dec 18, 2012 at 12:09:10PM -0500, Peter Eisentraut wrote:
> There are some system administration functions that have hardcoded
> superuser checks, specifically:
> 
> pg_reload_conf
> pg_rotate_logfile
> pg_read_file
> pg_read_file_all
> pg_read_binary_file
> pg_read_binary_file_all
> pg_stat_file
> pg_ls_dir
> 
> Some of these are useful in monitoring or maintenance tools, and the
> hardcoded superuser checks require that these tools run with maximum
> privileges.  Couldn't we just install these functions without default
> privileges and allow users to grant privileges as necessary?

+1.  You can already use a SECURITY DEFINER wrapper, so I don't think this
opens any particular floodgate.  GRANT is a nicer interface.  However, I would
not advertise this as a replacement for wrapper functions until pg_dump can
preserve ACL changes to pg_catalog objects.

pgsql-hackers by date:

From: Robert Haas
Date: 19 December 2012, 01:44:38
Subject: Re: Parser Cruft in gram.y

From: Robert Haas
Date: 19 December 2012, 03:56:24
Subject: Re: logical decoding - GetOldestXmin

Re: system administration functions with hardcoded superuser checks - Mailing list pgsql-hackers

Previous

Next