Re: exposing pg_controldata and pg_config as functions - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: exposing pg_controldata and pg_config as functions
Date
Msg-id 20160118221035.GV3685@tamriel.snowman.net
Whole thread Raw
In response to Re: exposing pg_controldata and pg_config as functions  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: exposing pg_controldata and pg_config as functions
List pgsql-hackers
* Robert Haas (robertmhaas@gmail.com) wrote:
> On Mon, Jan 18, 2016 at 4:43 AM, Andres Freund <andres@anarazel.de> wrote:
> > Meh, that seems pretty far into pseudo security arguments.
>
> Yeah, I really don't see anything in the pg_controldata output that
> looks sensitive.  The WAL locations are the closest of anything,
> AFAICS.

Heikki already showed how the WAL location information could be
exploited if compression is enabled.

I believe that's something we should care about and fix in one way or
another (my initial approach was using defualt roles, but using the ACL
system and starting out w/ no rights granted to that function also
works).

Thanks!

Stephen

pgsql-hackers by date:

Previous
From: Joe Conway
Date:
Subject: Re: exposing pg_controldata and pg_config as functions
Next
From: Kevin Grittner
Date:
Subject: Re: [PATCH] Improve spinlock inline assembly for x86.