On 02/17/2016 03:34 PM, Josh berkus wrote:
> On 02/17/2016 03:02 PM, Tom Lane wrote:
>> Joe Conway <m...@joeconway.com> writes:
>>> On 02/17/2016 02:14 PM, Tom Lane wrote:
>>>> I thought we'd agreed on requiring superuser access for this function.
>>>> I concur that letting just anyone see the config data is inappropriate.
>>> It does not let anyone see config data out of the box:
>>> + CREATE VIEW pg_config AS
>>> +     SELECT * FROM pg_config();
>>> +
>>> + REVOKE ALL on pg_config FROM PUBLIC;
>> Ah, that's fine.  I'd looked for a superuser() check and not seen one,
>> but letting the SQL permissions system handle it seems good enough.
> What I like about this is that if I want to expose it to a
> non-superuser, I can just do a GRANT instead of needing to write a
> security definer view.

Which was my reason for doing it this way, although that GRANT will not
get preserved by pg_dump currently. Stephen Frost is working on a patch
to change/fix that though (see the "Additional role attributes &&
superuser review" thread), which I believe he intends to get done RSN
and into 9.6.


Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to