| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: exposing pg_controldata and pg_config as functions |
| Date: | 2016-01-18 22:10:35 |
| Message-ID: | 20160118221035.GV3685@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Mon, Jan 18, 2016 at 4:43 AM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> > Meh, that seems pretty far into pseudo security arguments.
>
> Yeah, I really don't see anything in the pg_controldata output that
> looks sensitive. The WAL locations are the closest of anything,
> AFAICS.
Heikki already showed how the WAL location information could be
exploited if compression is enabled.
I believe that's something we should care about and fix in one way or
another (my initial approach was using defualt roles, but using the ACL
system and starting out w/ no rights granted to that function also
works).
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2016-01-18 22:14:05 | Re: [PATCH] Improve spinlock inline assembly for x86. |
| Previous Message | Robert Haas | 2016-01-18 21:55:37 | Re: exposing pg_controldata and pg_config as functions |