| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | josh(at)agliodbs(dot)com |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Insufficient attention to security in contrib (mostly) |
| Date: | 2007-08-27 19:45:02 |
| Message-ID: | 7106.1188243902@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
>> pgrowlocks tells you about row lock states, which maybe is not that
>> interesting for security, but still it's information that one wouldn't
>> expect to be exposed to someone who isn't allowed to read the table.
>> I suppose knowing the number of live tuples might in itself be
>> sensitive information.
> Here I think the advantage of being able to run this as a non-superuser
> (and thus not have the superuser password on the client machine) outweighs
> any data which can be reverse-engineered from the lock information.
I have no objection to knocking this down to demanding only SELECT privs
on the table. It's hard to think that it is OK to be totally unsecured.
> Hmmm, we can't really require anything greater than SELECT permission for
> dbsize.
That's OK for individual tables, but we have no equivalent concept for
whole databases or tablespaces. What do you propose for them?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2007-08-27 20:35:38 | Re: MSVC build system |
| Previous Message | Decibel! | 2007-08-27 19:35:37 | Re: Problem with recent permission changes commits |