On Thu, Apr 17, 2014 at 2:02 AM, Bruce Momjian <bruce@momjian.us> wrote:
> On Fri, Feb 7, 2014 at 10:16:36AM +0000, sys-milan@statpro.com wrote:
> > The following bug has been logged on the website:
> >
> > Bug reference: 9136
> > Logged by: Renato Ramonda
> > Email address: sys-milan@statpro.com
> > PostgreSQL version: 9.2.6
> > Operating system: Ubuntu 12.04
> > Description:
> >
> > The admin function pg_is_xlog_replay_paused() is read only and can be
> useful
> > for monitoring, as such it should NOT require superuser privileges (as it
> > does now).
> >
> > For reference, the read-only functions for monitoring the replication
> delay
> > such as pg_current_xlog_location can be executed without superuser
> > privileges (as remarked by the official documentation here
> > http://www.postgresql.org/docs/9.1/static/functions-admin.html )
>
> Is this correct? Do we have proper super-user restrictions on all the
> right fields now?
>
I'm not sure what the security problem would be for allowing non-superusers
to run pg_is_xlog_replay_paused(). And if there are none, there is no
reason why the function should be restricted like that.
Also, looking at that specific documentation page, ISTM it needs a better
way to show which functions actually *do* require superuser privileges. In
some groups it states which do require it, and in some where it doesn't.
Perhaps we should add a column to each of the tables with a yes/no value
indicating if superuser is required for that specific function? Or at least
have every table be prefixed by a statement saying which require superuser.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/