Re: System views for versions reporting - Mailing list pgsql-hackers

From Dmitry Dolgov
Subject Re: System views for versions reporting
Date
Msg-id yewkpc65y5g6fjd3kge2jetge3q2625hz64mietmyoczhqkmpu@ltotskxk4ndk
Whole thread Raw
In response to Re: System views for versions reporting  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
> On Sun, Mar 23, 2025 at 06:21:33PM GMT, Tom Lane wrote:
>
> FWIW, I think the 0004 patch is about to be mostly obsoleted by
> Andrei's proposal at [1].  To the extent that it's not obsoleted,
> I question whether it's something we want at all, given the ground
> rule that unprivileged users are not supposed to have access to info
> about the server's filesystem.

To be clear -- I don't have a case for 0004 myself, except some vague
expectation that in certain situations it could be useful to know which
shared objects are loaded, even if they are not Postgres modules. Based
on the feedback from the original thread [2], there were couple similar
opinions, maybe folks could reply here whether [1] would be sufficient
for them.

I agree with the argument about the privileges. If the 0004 patch will
be found useful, it would make sense to allow only superuser to access
this view. I assume "revoke all on pg_system_libraries from public"
should be enough, would this address the concern?

[2]: https://www.postgresql.org/message-id/flat/znc72ymyoelvk5rjk5ub254v3qvcczfrk6autygjdobfvx2e7p%40s3dssvf34twa



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: macOS 15.4 versus strchrnul()
Next
From: Ranier Vilela
Date:
Subject: Re: Small memory fixes for pg_createsubcriber