On 10/25/21, 4:29 PM, "Jeff Davis" <pgsql@j-davis.com> wrote:
> On Mon, 2021-10-25 at 14:30 -0700, Andres Freund wrote:
>> I don't get the reasoning behind the "except ..." logic. What does
>> this
>> actually protect against? A reasonable use case for this feature is
>> is to
>> monitor memory usage of all backends, and this restriction practially
>> requires
>> to still use a security definer function.
>
> Nathan brought it up -- more as a question than a request, so perhaps
> it's not necessary. I don't have a strong opinion about it, but I
> included it to be conservative (easier to relax a privilege than to
> tighten one).
I asked about it since we were going to grant execution to
pg_signal_backend, which (per the docs) shouldn't be able to signal a
superuser-owned backend. I don't mind removing this now that the
pg_signal_backend part is removed.
Nathan