Re: [PATCH] allow pg_current_logfile() execution under pg_monitor role - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: [PATCH] allow pg_current_logfile() execution under pg_monitor role
Date
Msg-id 20240209163657.GC663211@nathanxps13
Whole thread Raw
In response to [PATCH] allow pg_current_logfile() execution under pg_monitor role  (Pavlo Golub <pavlo.golub@cybertec.at>)
Responses Re[2]: [PATCH] allow pg_current_logfile() execution under pg_monitor role
List pgsql-hackers
On Fri, Feb 09, 2024 at 04:01:58PM +0100, Pavlo Golub wrote:
> The patch attached fixes an oversight/inconsistency of disallowing the
> pg_monitor system role to execute pg_current_logfile([text]).

I think this is reasonable.  We allow pg_monitor to execute functions like
pg_ls_logdir(), so it doesn't seem like much of a stretch to expect it to
have privileges for pg_current_logfile(), too.  Are there any other
functions that pg_monitor ought to have privileges for?

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com



pgsql-hackers by date:

Previous
From: Nathan Bossart
Date:
Subject: Re: glibc qsort() vulnerability
Next
From: Nikita Malakhov
Date:
Subject: Re: POC: Extension for adding distributed tracing - pg_tracing