Re: WAL's listing in pg_xlog by some sql query

On 03/06/16 04:32, Michael Paquier wrote:
> On Fri, Jun 3, 2016 at 11:23 AM, Sameer Kumar <sameer(dot)kumar(at)ashnik(dot)com> wrote:
>>
>>
>> On Fri, Jun 3, 2016 at 4:30 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>>>
>>> * Sameer Kumar (sameer(dot)kumar(at)ashnik(dot)com) wrote:
>>>> On Fri, 3 Jun 2016, 12:14 a.m. Alex Ignatov, <a(dot)ignatov(at)postgrespro(dot)ru>
>>>> wrote:
>>>>> Can I list all WAL files in pg_xlog by using some sql query in
>>>>> Postgres?
>>>>
>>>> Try
>>>>
>>>> Select pg_ls_dir('pg_xlog');
>>>
>>> Note that this currently requires superuser privileges.
>>>
>>> Given the usefulness of this specific query and that it could be used
>>> without risk of the user being able to gain superuser access through it,
>>> I'd like to see a new function added which does not have the superuser
>>> check, but is not allowed to be called by public initially either.

CREATE FUNCTION ls_dir(text)
RETURNS SETOF text
LANGUAGE sql
SECURITY DEFINER
AS 'select * from pg_ls_dir($1)';

>> Can I not wrap it around another user defined function with SECURITY DEFINER
>> and grant privilege to specific users who can use it?

Yes, as shown above.

> pg_ls_dir() has a check on superuser() embedded in its code.

So what? That's what SECURITY DEFINER is all about.
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support