Re: pg_ls_dir & friends still have a hard-coded superuser check

From: Greg Stark <stark(at)mit(dot)edu>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: pg_ls_dir & friends still have a hard-coded superuser check
Date: 2017-01-25 16:30:00
Message-ID: CAM-w4HOQfcHvoZ0a7uh3ERuV25cjZJV9pT+qf--Q8TzEh6h=TA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I tend to agree. But in the past when this came up people pointed out
you could equally do things this way and still grant all the access
you wanted using SECURITY DEFINER. Arguably that's a better approach
because then instead of auditing the entire monitor script you only
need to audit this one wrapper function, pg_ls_monitor_dir() which
just calls pg_ls_dir() on this one directory.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message David Fetter 2017-01-25 16:36:29 Re: COPY as a set returning function
Previous Message Antonin Houska 2017-01-25 16:03:41 Re: PoC: Grouped base relation