From: | Vik Fearing <vik(at)2ndquadrant(dot)fr> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Sameer Kumar <sameer(dot)kumar(at)ashnik(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Alex Ignatov <a(dot)ignatov(at)postgrespro(dot)ru>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: WAL's listing in pg_xlog by some sql query |
Date: | 2016-06-04 14:34:04 |
Message-ID: | 5752E6DC.20106@2ndquadrant.fr |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 03/06/16 04:32, Michael Paquier wrote:
> On Fri, Jun 3, 2016 at 11:23 AM, Sameer Kumar <sameer(dot)kumar(at)ashnik(dot)com> wrote:
>>
>>
>> On Fri, Jun 3, 2016 at 4:30 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>>>
>>> * Sameer Kumar (sameer(dot)kumar(at)ashnik(dot)com) wrote:
>>>> On Fri, 3 Jun 2016, 12:14 a.m. Alex Ignatov, <a(dot)ignatov(at)postgrespro(dot)ru>
>>>> wrote:
>>>>> Can I list all WAL files in pg_xlog by using some sql query in
>>>>> Postgres?
>>>>
>>>> Try
>>>>
>>>> Select pg_ls_dir('pg_xlog');
>>>
>>> Note that this currently requires superuser privileges.
>>>
>>> Given the usefulness of this specific query and that it could be used
>>> without risk of the user being able to gain superuser access through it,
>>> I'd like to see a new function added which does not have the superuser
>>> check, but is not allowed to be called by public initially either.
CREATE FUNCTION ls_dir(text)
RETURNS SETOF text
LANGUAGE sql
SECURITY DEFINER
AS 'select * from pg_ls_dir($1)';
>> Can I not wrap it around another user defined function with SECURITY DEFINER
>> and grant privilege to specific users who can use it?
Yes, as shown above.
> pg_ls_dir() has a check on superuser() embedded in its code.
So what? That's what SECURITY DEFINER is all about.
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
From | Date | Subject | |
---|---|---|---|
Next Message | Jeff Janes | 2016-06-04 18:48:10 | Re: [pg_trgm] Making similarity(?, ?) < ? use an index |
Previous Message | Vik Fearing | 2016-06-04 14:06:20 | Re: Partitioned tables do not return affected row counts to client |