Home > mailing lists

Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check - Mailing list pgsql-hackers

From	Greg Stark
Subject	Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check
Date	January 25, 2017 22:30:00
Msg-id	CAM-w4HOQfcHvoZ0a7uh3ERuV25cjZJV9pT+qf--Q8TzEh6h=TA@mail.gmail.com Whole thread Raw
In response to	[HACKERS] pg_ls_dir & friends still have a hard-coded superuser check (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check (Robert Haas <robertmhaas@gmail.com>) Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

I tend to agree. But in the past when this came up people pointed out
you could equally do things this way and still grant all the access
you wanted using SECURITY DEFINER. Arguably that's a better approach
because then instead of auditing the entire monitor script you only
need to audit this one wrapper function, pg_ls_monitor_dir() which
just calls pg_ls_dir() on this one directory.

pgsql-hackers by date:

From: Antonin Houska
Date: 25 January 2017, 22:03:41
Subject: Re: [HACKERS] PoC: Grouped base relation

From: David Fetter
Date: 25 January 2017, 22:36:29
Subject: Re: [HACKERS] COPY as a set returning function

Re: [HACKERS] pg_ls_dir & friends still have a hard-coded superuser check - Mailing list pgsql-hackers

Previous

Next