> On Sun, Mar 23, 2025 at 06:21:33PM GMT, Tom Lane wrote: > > FWIW, I think the 0004 patch is about to be mostly obsoleted by > Andrei's proposal at [1]. To the extent that it's not obsoleted, > I question whether it's something we want at all, given the ground > rule that unprivileged users are not supposed to have access to info > about the server's filesystem.
To be clear -- I don't have a case for 0004 myself, except some vague expectation that in certain situations it could be useful to know which shared objects are loaded, even if they are not Postgres modules. Based on the feedback from the original thread [2], there were couple similar opinions, maybe folks could reply here whether [1] would be sufficient for them. I agree with the argument about the privileges. If the 0004 patch will be found useful, it would make sense to allow only superuser to access this view. I assume "revoke all on pg_system_libraries from public" should be enough, would this address the concern? [2]: https://www.postgresql.org/message-id/flat/znc72ymyoelvk5rjk5ub254v3qvcczfrk6autygjdobfvx2e7p%40s3dssvf34twa
