Home > mailing lists

Re: exposing pg_controldata and pg_config as functions - Mailing list pgsql-hackers

From	Joe Conway
Subject	Re: exposing pg_controldata and pg_config as functions
Date	February 18, 2016 01:18:00
Msg-id	56C4F18B.2080207@joeconway.com Whole thread Raw
In response to	Re: exposing pg_controldata and pg_config as functions (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: exposing pg_controldata and pg_config as functions
List	pgsql-hackers

Tree view

On 02/17/2016 02:14 PM, Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
>> On 2/17/16 12:15 PM, Joe Conway wrote:
>>> Ok, removed the documentation on the function pg_config() and pushed.
>
>> I still have my serious doubts about this, especially not even requiring
>> superuser access for this information.  Could someone explain why we
>> need this?
>
> I thought we'd agreed on requiring superuser access for this function.
> I concur that letting just anyone see the config data is inappropriate.

It does not let anyone see config data out of the box:

+ CREATE VIEW pg_config AS
+     SELECT * FROM pg_config();
+
+ REVOKE ALL on pg_config FROM PUBLIC;
+ REVOKE EXECUTE ON FUNCTION pg_config() FROM PUBLIC;
+

But it does not have an explicit superuser check. I can add that if
that's the consensus.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

pgsql-hackers by date:

From: Jim Nasby
Date: 18 February 2016, 01:17:45
Subject: Re: a raft of parallelism-related bug fixes

From: Josh berkus
Date: 18 February 2016, 01:20:40
Subject: Re: exposing pg_controldata and pg_config as functions

Re: exposing pg_controldata and pg_config as functions - Mailing list pgsql-hackers

Previous

Next