* Vik Fearing (v...@2ndquadrant.fr) wrote: > On 03/06/16 04:32, Michael Paquier wrote: > > On Fri, Jun 3, 2016 at 11:23 AM, Sameer Kumar <sameer.ku...@ashnik.com> > > wrote: > >> On Fri, Jun 3, 2016 at 4:30 AM Stephen Frost <sfr...@snowman.net> wrote: > >>> Given the usefulness of this specific query and that it could be used > >>> without risk of the user being able to gain superuser access through it, > >>> I'd like to see a new function added which does not have the superuser > >>> check, but is not allowed to be called by public initially either. > > CREATE FUNCTION ls_dir(text) > RETURNS SETOF text > LANGUAGE sql > SECURITY DEFINER > AS 'select * from pg_ls_dir($1)';
This isn't a good idea as it allows access to a great deal more than just the number of xlogs. Further, as described above, it gives that access to everyone and not just to specific roles. This is a great example of why we should provide an explicit function which is documented (both in our documentation and in the documentation of tools like check_postgres.pl) that users can use and can GRANT access to for their monitoring systems which gives access to only the information needed- that is, the number of xlog segments. Thanks! Stephen
signature.asc
Description: Digital signature
