Home > mailing lists

Re: system administration functions with hardcoded superuser checks - Mailing list pgsql-hackers

From	Pavel Stehule
Subject	Re: system administration functions with hardcoded superuser checks
Date	December 18, 2012 20:39:06
Msg-id	CAFj8pRCO7KhxwXbLRL_cGry-hbZKOfXqLELLupwybeAjT7ZoGw@mail.gmail.com Whole thread Raw
In response to	system administration functions with hardcoded superuser checks (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: system administration functions with hardcoded superuser checks (Tomas Vondra <tv@fuzzy.cz>)
List	pgsql-hackers

Tree view

2012/12/18 Peter Eisentraut <peter_e@gmx.net>:
> There are some system administration functions that have hardcoded
> superuser checks, specifically:
>
> pg_reload_conf
> pg_rotate_logfile
>
> Some of these are useful in monitoring or maintenance tools, and the
> hardcoded superuser checks require that these tools run with maximum
> privileges.  Couldn't we just install these functions without default
> privileges and allow users to grant privileges as necessary?

isn't it too strong gun for some people ???

I believe so some one can decrease necessary rights and it opens doors
to system.

> pg_read_file
> pg_read_file_all
> pg_read_binary_file
> pg_read_binary_file_all
> pg_stat_file
> pg_ls_dir

is relative dangerous and I am not for opening these functions.

power user can simply to write extension, but he knows what he does/

Regards

Pavel



>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers

pgsql-hackers by date:

From: Groshev Andrey
Date: 18 December 2012, 20:35:00
Subject: Re: [GENERAL] trouble with pg_upgrade 9.0 -> 9.1

From: Fujii Masao
Date: 18 December 2012, 20:44:45
Subject: Re: pg_basebackup from cascading standby after timeline switch

Re: system administration functions with hardcoded superuser checks - Mailing list pgsql-hackers

Previous

Next