Re: [COMMITTERS] pgsql: Add pg_audit, an auditing extension

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> At least on dromedary, this seems to be the problem:
>>
>> pg_audit.c: In function 'stack_pop':
>> pg_audit.c:387: warning: format '%ld' expects type 'long int', but argument 3 has type 'int64'
>> pg_audit.c: In function 'stack_valid':
>> pg_audit.c:406: warning: format '%ld' expects type 'long int', but argument 3 has type 'int64'
>> pg_audit.c:406: warning: format '%ld' expects type 'long int', but argument 4 has type 'int64'
>> pg_audit.c: In function 'log_audit_event':
>> pg_audit.c:676: warning: format '%ld' expects type 'long int', but argument 4 has type 'int64'
>> pg_audit.c:676: warning: format '%ld' expects type 'long int', but argument 5 has type 'int64'
>>
>> Will push a fix shortly and we'll see what happens.

> Ah, ok.

Pushed that, but some further notes:

* The actual audit reports ought to be ereport() not elog(). I made them
so but did not insert an errcode(). ISTM that it would likely be a good
thing to assign a not-used-for-any-other-purpose errcode for this, but I'm
not terribly sure what category to put it in.

* The comments in the code betray utter ignorance of how logging actually
works, in particular this:

* Administrators can choose which log level the audit log is to be logged
* at. The default level is LOG, which goes into the server log but does
* not go to the client. Set to NOTICE in the regression tests.

All the user has to do is change client_min_messages and he'll see all the
reports, which means if you think that letting the user see the audit
reports is a security problem then you have a hole a mile wide.

(I assume BTW that we're not considering it a security problem that
superusers can trivially escape auditing.)

regards, tom lane