| From: | Melanie Plageman <melanieplageman(at)gmail(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, pgsql-hackers(at)postgresql(dot)org, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jakub Wartak <jakub(dot)wartak(at)enterprisedb(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Antonin Houska <ah(at)cybertec(dot)at> |
| Subject: | Re: AIO v2.5 |
| Date: | 2025-03-29 20:16:50 |
| Message-ID: | CAAKRu_YCUOBRJoKu6=nPS2i9-ROcaYgeTxaSevLzdyV6BgcG5A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Mar 29, 2025 at 2:25 PM Andres Freund <andres(at)anarazel(dot)de> wrote:
>
> I think I found an issue with this one - as it stands the view was viewable by
> everyone. While it doesn't provide a *lot* of insight, it still seems a bit
> too much for an unprivileged user to learn what part of a relation any other
> user is currently reading.
>
> There'd be two different ways to address that:
> 1) revoke view & function from public, grant to a limited role (presumably
> pg_read_all_stats)
> 2) copy pg_stat_activity's approach of using something like
>
> #define HAS_PGSTAT_PERMISSIONS(role) (has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
>
> on a per-IO basis.
Is it easier to later change it to be more restrictive or less? If it
is easier to later lock it down more, then go with 2, otherwise go
with 1?
- Melanie
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-03-29 20:32:33 | Re: Why does wait_for_log() return current file size |
| Previous Message | Melanie Plageman | 2025-03-29 20:09:56 | Re: Using read stream in autoprewarm |